Legion of the Bouncy Castle Java Cryptography APIs, versions 1.58 up to but not including 1.60, contain a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. The attack appears to be exploitable via a handcrafted private key, which can include references to unexpected classes that will be picked up from the class path of the executing application. Exposure therefore depends on the application deserializing XMSS/XMSS^MT private keys that come from a source it does not control. This vulnerability appears to have been fixed in 1.60 and later.
{
"unresolved_ranges": [
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
],
"vendor_product": "opensuse:leap",
"extracted_events": [
{
"last_affected": "15.1"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:api_gateway",
"extracted_events": [
{
"last_affected": "11.1.2.4.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:banking_platform",
"extracted_events": [
{
"last_affected": "2.6.0"
},
{
"last_affected": "2.6.1"
},
{
"last_affected": "2.6.2"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:business_process_management_suite",
"extracted_events": [
{
"last_affected": "11.1.1.9.0"
},
{
"last_affected": "12.1.3.0.0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:business_transaction_management",
"extracted_events": [
{
"last_affected": "12.1.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_application_session_controller",
"extracted_events": [
{
"last_affected": "3.7.1"
},
{
"last_affected": "3.8.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_converged_application_server",
"extracted_events": [
{
"fixed": "7.0.0.1"
},
{
"last_affected": "7.0.0.1"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_convergence",
"extracted_events": [
{
"last_affected": "3.0.2"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_diameter_signaling_router",
"extracted_events": [
{
"last_affected": "8.0.0"
},
{
"last_affected": "8.1"
},
{
"last_affected": "8.2"
},
{
"last_affected": "8.2.1"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_webrtc_session_controller",
"extracted_events": [
{
"fixed": "7.2"
},
{
"last_affected": "7.2"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:data_integrator",
"extracted_events": [
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:enterprise_manager_base_platform",
"extracted_events": [
{
"last_affected": "12.1.0.5.0"
},
{
"last_affected": "13.2.0.0"
},
{
"last_affected": "13.3.0.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:enterprise_manager_for_fusion_middleware",
"extracted_events": [
{
"last_affected": "13.2.0.0"
},
{
"last_affected": "13.3.0.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:enterprise_repository",
"extracted_events": [
{
"last_affected": "11.1.1.7.0"
},
{
"last_affected": "12.1.3.0.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:managed_file_transfer",
"extracted_events": [
{
"last_affected": "12.1.3.0.0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:peoplesoft_enterprise_peopletools",
"extracted_events": [
{
"last_affected": "8.55"
},
{
"last_affected": "8.56"
},
{
"last_affected": "8.57"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:retail_convenience_and_fuel_pos_software",
"extracted_events": [
{
"last_affected": "2.8.1"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:retail_xstore_point_of_service",
"extracted_events": [
{
"last_affected": "7.0"
},
{
"last_affected": "7.1"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:soa_suite",
"extracted_events": [
{
"last_affected": "12.1.3.0.0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:utilities_network_management_system",
"extracted_events": [
{
"last_affected": "1.12.0.3"
},
{
"last_affected": "2.3.0.0"
},
{
"last_affected": "2.3.0.1"
},
{
"last_affected": "2.3.0.2"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:webcenter_portal",
"extracted_events": [
{
"last_affected": "11.1.1.9.0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpes": [
"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:weblogic_server",
"extracted_events": [
{
"last_affected": "12.2.1.3"
}
]
}
]
}