VDB
DEBIAN-CVE-2017-13098
DEBIAN-CVE-2017-13098
PUBLISHED
CVSS 5.900000095367432 MEDIUM
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
Risk Scores
CVSS v3.0
5.900000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | bouncycastle | 0, 0, 0 |
| Debian:11 | bouncycastle | 0, 0, 0 |
| Debian:12 | bouncycastle | 0, 0, 0 |
| Debian:13 | bouncycastle | 0, 0, 0 |
Timeline
- Dec 13, 2017 CVE Published
- Apr 28, 2026 CVE Updated