CVE-2016-1000343
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000343
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1000343.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-1000343
- Aliases
- Downstream
- Related
- Published
- 2018-06-04T13:29:00Z
- Modified
- 2025-08-09T20:01:25Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
- References
-
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2018:2927
- https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
- https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
- https://security.netapp.com/advisory/ntap-20181127-0004/
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
- https://usn.ubuntu.com/3727-1/
- https://www.oracle.com/security-alerts/cpuoct2020.html
Affected packages
Debian:11 / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/debian/bouncycastle?arch=source
Debian:12 / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/debian/bouncycastle?arch=source
Debian:13 / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/debian/bouncycastle?arch=source
Debian:14 / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/debian/bouncycastle?arch=source
Git / github.com/bcgit/bc-java
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bcgit/bc-java
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"target": {
"file": "prov/src/test/java/org/bouncycastle/jce/provider/test/DSATest.java"
},
"digest": {
"line_hashes": [
"272960272851457067213669225105609542617",
"40437591993253917580729287954800812592",
"244117597628187691213480854404577928477",
"256388720511189596835617265611611441182",
"144834174902876871041848359847103006795",
"109391545642665904104121926837062339161",
"329942142184009405323326196099659975311",
"44638415618053903489688011888839369597",
"279435678809771383110381504409095219915",
"149260297816348481157597294695995565899",
"135202963780410441307750029108679602867"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"id": "CVE-2016-1000343-205ba2dd",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java"
},
"digest": {
"line_hashes": [
"13355290723725349368745329989347618543",
"132012456049536062486610142113253442680",
"266566135274626677248422357772359090099",
"67951718911132861200676972530867716392",
"123227893897903794997018758524343559168",
"125072645518652505202624749001375164121",
"107204242373676434483157988757460451279",
"234440885163403474179705305683870469747",
"227689743794388119601251283389931386220",
"46437445457244463402399530235552491256",
"233676737684436282642951948705719036399",
"262957240772312990909155497255796045702",
"161559031118209141837246876192847496487",
"124081888484579726664893620713637938254",
"258117312511801216931746282811598433286",
"155765287899303234545320164174264001128",
"177791379852089713076714863354421810584",
"71385015115912219243897975170110225611",
"216952351133835419405455233238767730185",
"318764821106349202931912140848248088135",
"89337051256361544191950482851091403204",
"117424738161216075649616111895930893878",
"293054463246076210814968644804689224777",
"145743308941858415062268333078653912371"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"id": "CVE-2016-1000343-394025c5",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "prov/src/test/java/org/bouncycastle/jce/provider/test/DSATest.java",
"function": "performTest"
},
"digest": {
"length": 2337.0,
"function_hash": "73808229874167972886948173315043521400"
},
"signature_version": "v1",
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"id": "CVE-2016-1000343-9d31b4a6",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java",
"function": "generateKeyPair"
},
"digest": {
"length": 421.0,
"function_hash": "13749231353833127326132574748037856164"
},
"signature_version": "v1",
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"id": "CVE-2016-1000343-ccf1950b",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java",
"function": "initialize"
},
"digest": {
"length": 312.0,
"function_hash": "73127320062142693310826675929981259371"
},
"signature_version": "v1",
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"id": "CVE-2016-1000343-e28e69a3",
"signature_type": "Function",
"deprecated": false
}
]
}