VDB
CVE-2016-1000340
CVE-2016-1000340
PUBLISHED
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
EPSS 0.40% · 60.9th percentile
Risk Scores
EPSS Score
0.40%
60.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | bouncycastle | 0, 1.51-4ubuntu1, * |
Exploit Intelligence
- https://www.ibm.com/support/pages/node/7263391 (circl)
- CIRCL seen: CVE-2025-13702 (circl-sighting)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
…and 1 more exploits
Timeline
- Jun 4, 2018 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-1000340 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-1000340 third-party-advisory