VDB

GCVE-110-MAGEIA-2015-487

GCVE-110-MAGEIA-2015-487
Advisory Published
Vulnetix · Advisory published December 28, 2015
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack" (CVE-2015-7940).

Affected Products

VendorProductVersionsPlatforms
Mageiabouncycastle0 (affected), 1.50-3.1.mga5 (unaffected)

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›