DEBIAN-CVE-2016-1000343
PUBLISHED
CVSS 7.5 HIGH
In the Bouncy Castle JCE Provider version 1.55 and earlier, the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases, this can be dealt with by explicitly passing parameters to the key pair generator.
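The workaround described above, explicitly passing DSA parameters to the key pair generator, as an added example using only standard JCA calls; it is not code from the advisory or from Bouncy Castle. The class name, the 2048-bit size and the optional provider argument (pass `BC` when that provider is registered) are assumptions of the example.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.DSAPrivateKey;
import java.security.spec.DSAParameterSpec;

public class ExplicitDsaParams {
    // Generate a DSA key pair from explicitly supplied domain parameters,
    // so nothing depends on the key pair generator's built-in defaults.
    static KeyPair generate(String provider, int pBits) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        AlgorithmParameterGenerator apg = (provider == null)
                ? AlgorithmParameterGenerator.getInstance("DSA")
                : AlgorithmParameterGenerator.getInstance("DSA", provider);
        apg.init(pBits, rng);
        DSAParameterSpec spec =
                apg.generateParameters().getParameterSpec(DSAParameterSpec.class);

        KeyPairGenerator kpg = (provider == null)
                ? KeyPairGenerator.getInstance("DSA")
                : KeyPairGenerator.getInstance("DSA", provider);
        kpg.initialize(spec, rng);   // explicit parameters, never the no-init default
        return kpg.generateKeyPair();
    }

    // Confirm the key was built on the requested parameters and that the
    // private value x lies in [1, q-1]. Only sizes are printed, never x itself.
    static void check(KeyPair kp, int expectedPBits) {
        DSAPrivateKey priv = (DSAPrivateKey) kp.getPrivate();
        BigInteger p = priv.getParams().getP();
        BigInteger q = priv.getParams().getQ();
        BigInteger x = priv.getX();
        if (p.bitLength() != expectedPBits)
            throw new IllegalStateException("unexpected modulus size " + p.bitLength());
        if (x.signum() <= 0 || x.compareTo(q) >= 0)
            throw new IllegalStateException("private value outside [1, q-1]");
        System.out.printf("p=%d bits, q=%d bits, x=%d bits%n",
                p.bitLength(), q.bitLength(), x.bitLength());
    }

    public static void main(String[] args) throws Exception {
        String provider = args.length > 0 ? args[0] : null; // e.g. "BC" (assumption)
        int pBits = 2048;                                   // size chosen for the example
        check(generate(provider, pBits), pBits);
    }
}
```

Parameter generation at this size can take several seconds; generated parameters may be reused across key pairs.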
Risk Scores
CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | bouncycastle | 0, 0, 0 |
| Debian:12 | bouncycastle | 0, 0, 0 |
| Debian:14 | bouncycastle | 0, 0, 0 |
| Debian:13 | bouncycastle | 0, 0, 0 |
Exploit Intelligence
- releasenotes.html (github-poc)
Timeline
- Jun 4, 2018 CVE Published
- Apr 28, 2026 CVE Updated