CVE-2016-1000341
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
5.9
MEDIUM
CVSS 3.1
EPSS 0.80%
Description
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
How to fix CVE-2016-1000341
To remediate CVE-2016-1000341, upgrade the affected package to a fixed version below.
- —upgrade to 1.56-1 or later
- —upgrade to 1.56 or later
- —upgrade to 1.56 or later
- —upgrade to 1.56 or later
Is CVE-2016-1000341 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.56-1
- from 0, < 1.56
- from 0, < 1.56
- from 0, < 1.56
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |