High severity7.5NVD Advisory· Published Jun 4, 2018· Updated Jun 17, 2026
CVE-2016-1000340
CVE-2016-1000340
Description
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-jdk14Maven | >= 1.51, < 1.56 | 1.56 |
org.bouncycastle:bcprov-jdk15Maven | >= 1.51, < 1.56 | 1.56 |
org.bouncycastle:bcprov-jdk15onMaven | >= 1.51, < 1.56 | 1.56 |
Affected products
4- ghsa-coords4 versionspkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15pkg:maven/org.bouncycastle/bcprov-jdk15onpkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed
>= 1.51, < 1.56+ 3 more
- (no CPE)range: >= 1.51, < 1.56
- (no CPE)range: >= 1.51, < 1.56
- (no CPE)range: >= 1.51, < 1.56
- (no CPE)range: < 1.68-3.2
Patches
Vulnerability mechanics
References
8- github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-r97x-3g8f-gx3mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-1000340ghsaADVISORY
- access.redhat.com/errata/RHSA-2018:2669nvdWEB
- access.redhat.com/errata/RHSA-2018:2927nvdWEB
- security.netapp.com/advisory/ntap-20181127-0004ghsaWEB
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdWEB
- security.netapp.com/advisory/ntap-20181127-0004/nvd
News mentions
0No linked articles in our index yet.