CVE-2018-5382

Description

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.

How to fix CVE-2018-5382

To remediate CVE-2018-5382, upgrade the affected package to a fixed version below.

• —upgrade to 1.48+dfsg-2 or later
• —upgrade to 1.50 or later

Is CVE-2018-5382 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.48+dfsg-2
• from 0, < 1.50

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-5382
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-5382
• WEBaccess.redhat.com/errata/RHSA-2018:2927
• WEBwww.bouncycastle.org/releasenotes.html
• WEB