VDB
CVE-2018-1000613
CVE-2018-1000613
PUBLISHED
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
EPSS 5.04% · 89.9th percentile
Risk Scores
EPSS Score
5.04%
89.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | bouncycastle | 1.57-1, 1.59-1, 1.58-1 |
Exploit Intelligence
- CVE-2015-7545 proof of concept (github-poc)
- CVE-2015-7545 proof of concept (github-poc)
- CVE-2015-7545 proof of concept (github-poc)
- CVE-2015-7545 proof of concept (github-poc)
- CVE-2015-7545 proof of concept (github-poc)
- CVE-2015-7545 proof of concept (github-poc)
- CVE-2015-7545 proof of concept (github-poc)
- CVE-2015-7545 proof of concept (github-poc)
- releasenotes.html (github-poc)
- releasenotes.html (github-poc)
…and 7 more exploits
Timeline
- Jul 9, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Nov 17, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1000613 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1000613 third-party-advisory