Vulnerability CVE-2016-1000340

Vulnerability Name:

CVE-2016-1000340 (CCN-151813)

Assigned:

2018-06-04

Published:

2018-06-04

Updated:

2020-10-20

Summary:

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-19

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-1000340

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2669

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2927

Source: XF
Type: UNKNOWN
bouncycastle-cve20161000340-weak-security(151813)

Source: CCN
Type: Bouncy Castle JCE Provider GIT Repository
Fix carry propagation bug in Nat square methods

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20181127-0004/

Source: CCN
Type: IBM Security Bulletin 6367945 (Sterling B2B Integrator)
Multiple Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6444097 (Log Analysis)
Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6496733 (Sterling B2B Integrator)
Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6829593 (Sterling File Gateway)
IBM Sterling File Gateway is vulnerable to multiple issues due to Bouncy Castle

Source: MISC
Type: UNKNOWN
https://www.oracle.com/security-alerts/cpuoct2020.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:* (Version >= 1.51 and <= 1.55)

Configuration CCN 1:

cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.3.2:*:*:*:standard:*:*:*

OR cpe:/a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

OR cpe:/a:ibm:sterling_file_gateway:6.1.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20161000340	V	CVE-2016-1000340	2023-06-22
oval:org.opensuse.security:def:7993	P	bouncycastle-1.72-150200.3.12.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:3368	P	squashfs-4.3-6.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94998	P	bouncycastle-1.64-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1378	P	Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) (Important)	2022-06-06
oval:org.opensuse.security:def:112022	P	bouncycastle-1.68-3.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105578	P	bouncycastle-1.68-3.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:72712	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100828	P	enscript-1.6.6-1.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101251	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1904	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62993	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:66795	P	Security update for python-httplib2 (Moderate)	2021-05-31
oval:org.opensuse.security:def:66703	P	Security update for slurm_18_08 (Important)	2020-12-18
oval:org.opensuse.security:def:107494	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1847	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117052	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62936	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72655	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94115	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:70046	P	fontforge on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70151	P	bouncycastle on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73486	P	bouncycastle on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49765	P	zlib-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49819	P	bouncycastle on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73368	P	accountsservice on GA media (Moderate)	2020-12-01
oval:com.ubuntu.bionic:def:201610003400000000	V	CVE-2016-1000340 on Ubuntu 18.04 LTS (bionic) - medium.	2018-06-04
oval:com.ubuntu.artful:def:20161000340000	V	CVE-2016-1000340 on Ubuntu 17.10 (artful) - medium.	2018-06-04
oval:com.ubuntu.xenial:def:20161000340000	V	CVE-2016-1000340 on Ubuntu 16.04 LTS (xenial) - medium.	2018-06-04
oval:com.ubuntu.xenial:def:201610003400000000	V	CVE-2016-1000340 on Ubuntu 16.04 LTS (xenial) - medium.	2018-06-04
oval:com.ubuntu.bionic:def:20161000340000	V	CVE-2016-1000340 on Ubuntu 18.04 LTS (bionic) - medium.	2018-06-04
oval:com.ubuntu.disco:def:201610003400000000	V	CVE-2016-1000340 on Ubuntu 19.04 (disco) - medium.	2018-06-04
oval:com.ubuntu.cosmic:def:20161000340000	V	CVE-2016-1000340 on Ubuntu 18.10 (cosmic) - medium.	2018-06-04
oval:com.ubuntu.cosmic:def:201610003400000000	V	CVE-2016-1000340 on Ubuntu 18.10 (cosmic) - medium.	2018-06-04
oval:com.ubuntu.trusty:def:20161000340000	V	CVE-2016-1000340 on Ubuntu 14.04 LTS (trusty) - medium.	2018-06-04

BACK