In the Bouncy Castle JCE Provider version 1.55 and earlier, the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, versions 1.55 and earlier generate the private value assuming a 1024-bit key size. In these earlier releases, the issue can be dealt with by explicitly passing DSA parameters to the key pair generator.
[
{
"id": "CVE-2016-1000343-205ba2dd",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "prov/src/test/java/org/bouncycastle/jce/provider/test/DSATest.java"
},
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"signature_version": "v1",
"digest": {
"line_hashes": [
"272960272851457067213669225105609542617",
"40437591993253917580729287954800812592",
"244117597628187691213480854404577928477",
"256388720511189596835617265611611441182",
"144834174902876871041848359847103006795",
"109391545642665904104121926837062339161",
"329942142184009405323326196099659975311",
"44638415618053903489688011888839369597",
"279435678809771383110381504409095219915",
"149260297816348481157597294695995565899",
"135202963780410441307750029108679602867"
],
"threshold": 0.9
}
},
{
"id": "CVE-2016-1000343-394025c5",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java"
},
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"signature_version": "v1",
"digest": {
"line_hashes": [
"13355290723725349368745329989347618543",
"132012456049536062486610142113253442680",
"266566135274626677248422357772359090099",
"67951718911132861200676972530867716392",
"123227893897903794997018758524343559168",
"125072645518652505202624749001375164121",
"107204242373676434483157988757460451279",
"234440885163403474179705305683870469747",
"227689743794388119601251283389931386220",
"46437445457244463402399530235552491256",
"233676737684436282642951948705719036399",
"262957240772312990909155497255796045702",
"161559031118209141837246876192847496487",
"124081888484579726664893620713637938254",
"258117312511801216931746282811598433286",
"155765287899303234545320164174264001128",
"177791379852089713076714863354421810584",
"71385015115912219243897975170110225611",
"216952351133835419405455233238767730185",
"318764821106349202931912140848248088135",
"89337051256361544191950482851091403204",
"117424738161216075649616111895930893878",
"293054463246076210814968644804689224777",
"145743308941858415062268333078653912371"
],
"threshold": 0.9
}
},
{
"id": "CVE-2016-1000343-9d31b4a6",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "prov/src/test/java/org/bouncycastle/jce/provider/test/DSATest.java",
"function": "performTest"
},
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"signature_version": "v1",
"digest": {
"length": 2337.0,
"function_hash": "73808229874167972886948173315043521400"
}
},
{
"id": "CVE-2016-1000343-ccf1950b",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java",
"function": "generateKeyPair"
},
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"signature_version": "v1",
"digest": {
"length": 421.0,
"function_hash": "13749231353833127326132574748037856164"
}
},
{
"id": "CVE-2016-1000343-e28e69a3",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java",
"function": "initialize"
},
"source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389",
"signature_version": "v1",
"digest": {
"length": 312.0,
"function_hash": "73127320062142693310826675929981259371"
}
}
]