VYPR
High severity7.5NVD Advisory· Published Jun 4, 2018· Updated Jun 17, 2026

CVE-2016-1000343

CVE-2016-1000343

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bcprov-jdk14Maven
< 1.561.56
org.bouncycastle:bcprov-jdk15Maven
< 1.561.56
org.bouncycastle:bcprov-jdk15onMaven
< 1.561.56

Affected products

4

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.

CVE-2016-1000343 · High · VYPR