Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Oct 2015 12:25:12 +0200
From: Raphael Hertzog <>
Subject: CVE Request: invalid curve attack on bouncycastle


bouncycastle versions older than 1.51 are vulnerable to an
invalid curve attack as described in this article:

The attack allows to extract private keys used in elliptic curve
crytpography with a few thousands queries.

According to upstream developer Peter Dettman, the issue has been fixed
with those two commits:

Could a CVE be assigned to this issue?

Thank you.

PS: Please CC me as I'm not subscribed.
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS:
Learn to master Debian:

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ