CVE-2018-1000180

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000180
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000180.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1000180
Aliases
Downstream
Related
Published
2018-06-05T13:29:00Z
Modified
2025-08-09T20:01:27Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

References

Affected packages

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
22467b6e8fe19717ecdf201c0cf91bacf04a55ad
Fixed
73780ac522b7795fc165630aba8d5f5729acc839

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
            "signature_version": "v1",
            "target": {
                "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "257698838932714443289646009555494598341",
                    "289848681659626294251947604395719801481",
                    "156915566116362155606891889355124502872",
                    "26895649160699150255602757069596481226",
                    "220811889832895347815946836515128187770",
                    "47045332555838027236932019877537168760",
                    "22919438933150866736858579667051393581",
                    "143814390065555812665951859181297093884",
                    "237451756451439053358303576206498505327",
                    "277246556836375319833842980669284337346",
                    "130689352777683059142271724779473551753",
                    "336435536837793534198724193478017402442",
                    "17704946286379027993761977778742095203",
                    "260155809973710943641365639216995634088",
                    "7377602204838434508197526472147943878",
                    "187118732279990443988316599001482697228",
                    "214681161194493830139928104179165807571",
                    "250657119348606598417294254264344680167",
                    "144151817570865529575959812164844930523",
                    "90485390753289015655808852128637265999"
                ]
            },
            "id": "CVE-2018-1000180-4be11a56"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
            "signature_version": "v1",
            "target": {
                "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java",
                "function": "init"
            },
            "digest": {
                "function_hash": "26046904150781172814100366087529876009",
                "length": 160.0
            },
            "id": "CVE-2018-1000180-5e3a00a7"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
            "signature_version": "v1",
            "target": {
                "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java",
                "function": "chooseRandomPrime"
            },
            "digest": {
                "function_hash": "180386821627022930209336221623287827991",
                "length": 587.0
            },
            "id": "CVE-2018-1000180-7651a32a"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
            "signature_version": "v1",
            "target": {
                "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java",
                "function": "isProbablePrime"
            },
            "digest": {
                "function_hash": "315724511571408902034389038163610651938",
                "length": 140.0
            },
            "id": "CVE-2018-1000180-81d898a1"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
            "signature_version": "v1",
            "target": {
                "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java",
                "function": "isProbablePrime"
            },
            "digest": {
                "function_hash": "27729502142872267922297904038327336014",
                "length": 149.0
            },
            "id": "CVE-2018-1000180-8b6af0b8"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
            "signature_version": "v1",
            "target": {
                "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "37241332092936570627242432409298825798",
                    "195260635595133800691077600044648505596",
                    "285722143077504090987395592668400836412",
                    "171255120392971314891725930518442638777",
                    "319518172979322031606708392733565733104",
                    "265327114450227984543453889458859355433",
                    "202798530285906364200179439218695585720",
                    "197160571916195115317016901004995391026",
                    "269053106002936979940648009165920129944",
                    "11169404668320650517863205883520913898",
                    "8623795654927510216276052505167252789",
                    "169874198158942799182872929991717271321",
                    "327123855982038575496567462178584935276"
                ]
            },
            "id": "CVE-2018-1000180-d2c8940d"
        }
    ]
}