| Name | CVE-2015-7940 |
| Description | The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more) |
| References | DLA-361-1, DSA-3417-1 |
| Debian Bugs | 802671 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| bouncycastle (PTS) | buster | 1.60-1 | fixed |
| bullseye | 1.68-2 | fixed | |
| bookworm, sid | 1.72-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| bouncycastle | source | squeeze | 1.44+dfsg-2+deb6u1 | DLA-361-1 | ||
| bouncycastle | source | wheezy | 1.44+dfsg-3.1+deb7u1 | DSA-3417-1 | ||
| bouncycastle | source | jessie | 1.49+dfsg-3+deb8u1 | DSA-3417-1 | ||
| bouncycastle | source | (unstable) | 1.51-1 | 802671 |
https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
Peter Dettman <peter.dettman@bouncycastle.org> offered to assist if backporting fails and to review the result.