CVE-2018-1000613

Legion of the Bouncy Castle Java Cryptography APIs (bc-java) 1.58 up to but not including 1.60 contains a CWE-470 (Use of Externally-Controlled Input to Select Classes or Code, 'Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization. Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code: a handcrafted private key can include references to unexpected classes, which will be picked up from the class path of the executing application. This vulnerability is fixed in 1.60 and later.
Unsafe Reflection
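The weakness behind this record is the generic Java one: the serialized state embedded in the key encoding names the classes that ObjectInputStream will load, so whoever crafts the key chooses which classes on the application's class path get instantiated. The 1.60 fix restricts which classes the deserializer will load. The following is an added example written for this page, not bc-java code; KeyState is a hypothetical stand-in for the key's serialized state, and java.util.HashMap stands in for whatever unexpected class a handcrafted key might name. It shows the unchecked read path beside an allow-listing read path on the same constructed inputs.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Set;

/**
 * Added example (not Bouncy Castle code): the CWE-470 deserialization pattern behind
 * CVE-2018-1000613 and an allow-list hardening of the same read path.
 */
public class AllowListDeserialization {

    /** Hypothetical stand-in for the Java-serialized state carried in a private key encoding. */
    static final class KeyState implements Serializable {
        private static final long serialVersionUID = 1L;
        final int index;
        KeyState(int index) { this.index = index; }
    }

    /** The only classes a key encoding is allowed to name. Everything else is rejected. */
    static final Set<String> ALLOWED = Set.of(KeyState.class.getName());

    /** Vulnerable pattern: the byte stream, not the caller, decides which classes are loaded. */
    static Object readUnchecked(byte[] encoded) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(encoded))) {
            return in.readObject();
        }
    }

    /** Hardened pattern: resolveClass() consults the allow-list before any class is loaded. */
    static Object readChecked(byte[] encoded) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(encoded)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                if (!ALLOWED.contains(desc.getName())) {
                    // Reject before Class.forName() runs: no static initializers, no readObject hooks.
                    throw new InvalidClassException(desc.getName(), "class not on allow-list");
                }
                return super.resolveClass(desc);
            }

            @Override
            protected Class<?> resolveProxyClass(String[] interfaces) throws IOException {
                // Dynamic proxies are another way for a stream to pick code; a key never needs them.
                throw new InvalidClassException("dynamic proxies are not permitted in key encodings");
            }
        }) {
            return in.readObject();
        }
    }

    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(obj);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a legitimate state object, and a "handcrafted" stream that names a
        // class the key format never uses (HashMap stands in for any class on the class path).
        byte[] legitimate = serialize(new KeyState(42));
        byte[] handcrafted = serialize(new HashMap<String, String>());

        System.out.println("unchecked, legitimate:  " + readUnchecked(legitimate).getClass().getName());
        System.out.println("unchecked, handcrafted: " + readUnchecked(handcrafted).getClass().getName());
        System.out.println("checked, legitimate:    " + readChecked(legitimate).getClass().getName());
        try {
            readChecked(handcrafted);
        } catch (InvalidClassException e) {
            System.out.println("checked, handcrafted:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

The unchecked reader instantiates java.util.HashMap simply because the stream asked for it; the checked reader throws InvalidClassException before the class is resolved. On JDK 9 and later the same policy can be expressed with java.io.ObjectInputFilter instead of overriding resolveClass. For this CVE the remediation stated in the record is to upgrade bc-java to 1.60 or later; the allow-list above illustrates the class of fix, not the library's exact code.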
CVSS 3.x Base Score

Provider   Type  Base Score    Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST       NIST  9.8 CRITICAL  NETWORK      LOW              NONE            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre      CNA   ---           ---
CVE        ADP   ---           ---
CISA-ADP   ADP   ---           ---

EPSS Score: percentile 88%
Vendor        Product                                        Version
bouncycastle  bc-java                                        1.58 ≤ 𝑥 < 1.60
netapp        oncommand_workflow_automation                  -
opensuse      leap                                           15.1
oracle        api_gateway                                    11.1.2.4.0
oracle        banking_platform                               2.6.0
oracle        banking_platform                               2.6.1
oracle        banking_platform                               2.6.2
oracle        business_process_management_suite              11.1.1.9.0
oracle        business_process_management_suite              12.1.3.0.0
oracle        business_process_management_suite              12.2.1.3.0
oracle        business_transaction_management                12.1.0
oracle        communications_application_session_controller  3.7.1
oracle        communications_application_session_controller  3.8.0
oracle        communications_converged_application_server    𝑥 < 7.0.0.1
oracle        communications_converged_application_server    7.0.0.1
oracle        communications_convergence                     3.0.2
oracle        communications_diameter_signaling_router       8.0.0
oracle        communications_diameter_signaling_router       8.1
oracle        communications_diameter_signaling_router       8.2
oracle        communications_diameter_signaling_router       8.2.1
oracle        communications_webrtc_session_controller       𝑥 < 7.2
oracle        communications_webrtc_session_controller       7.2
oracle        data_integrator                                12.2.1.3.0
oracle        enterprise_manager_base_platform               12.1.0.5.0
oracle        enterprise_manager_base_platform               13.2.0.0
oracle        enterprise_manager_base_platform               13.3.0.0
oracle        enterprise_manager_for_fusion_middleware       13.2.0.0
oracle        enterprise_manager_for_fusion_middleware       13.3.0.0
oracle        enterprise_repository                          11.1.1.7.0
oracle        enterprise_repository                          12.1.3.0.0
oracle        managed_file_transfer                          12.1.3.0.0
oracle        managed_file_transfer                          12.2.1.3.0
oracle        peoplesoft_enterprise_peopletools              8.55
oracle        peoplesoft_enterprise_peopletools              8.56
oracle        peoplesoft_enterprise_peopletools              8.57
oracle        retail_convenience_and_fuel_pos_software       2.8.1
oracle        retail_xstore_point_of_service                 7.0
oracle        retail_xstore_point_of_service                 7.1
oracle        soa_suite                                      12.1.3.0.0
oracle        soa_suite                                      12.2.1.3.0
oracle        utilities_network_management_system            1.12.0.3
oracle        utilities_network_management_system            2.3.0.0
oracle        utilities_network_management_system            2.3.0.1
oracle        utilities_network_management_system            2.3.0.2
oracle        webcenter_portal                               11.1.1.9.0
oracle        webcenter_portal                               12.2.1.3.0
oracle        weblogic_server                                12.2.1.3

𝑥 = vulnerable software versions; "-" = no version range given
Debian Releases (package: bouncycastle)

Codename  Version  Status
bullseye  1.68-2   fixed
stretch   -        not-affected
jessie    -        not-affected
bookworm  1.72-2   fixed
sid       1.77-1   fixed
trixie    1.77-1   fixed
Ubuntu Releases (package: bouncycastle)

Codename  Status
noble     not-affected
mantic    not-affected
lunar     not-affected
kinetic   not-affected
jammy     not-affected
impish    not-affected
hirsute   not-affected
groovy    not-affected
focal     not-affected
eoan      not-affected
disco     not-affected
cosmic    not-affected
bionic    needed
artful    ignored
xenial    not-affected
trusty    dne (package does not exist in this release)
References