High severity7.5NVD Advisory· Published Jun 5, 2018· Updated Jun 17, 2026
CVE-2018-1000180
CVE-2018-1000180
Description
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-jdk14Maven | < 1.60 | 1.60 |
org.bouncycastle:bcprov-jdk15Maven | < 1.60 | 1.60 |
org.bouncycastle:bcprov-jdk15onMaven | < 1.60 | 1.60 |
Affected products
4- ghsa-coords4 versionspkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15pkg:maven/org.bouncycastle/bcprov-jdk15onpkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed
< 1.60+ 3 more
- (no CPE)range: < 1.60
- (no CPE)range: < 1.60
- (no CPE)range: < 1.60
- (no CPE)range: < 1.68-3.2
Patches
Vulnerability mechanics
References
24- github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55adnvdPatchThird Party AdvisoryWEB
- github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839nvdPatchThird Party AdvisoryWEB
- security.netapp.com/advisory/ntap-20190204-0003/nvdPatchThird Party Advisory
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlnvdPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/106567nvdThird Party AdvisoryVDB EntryWEB
- access.redhat.com/errata/RHSA-2018:2423nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2424nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2425nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2428nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2643nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2669nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:0877nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-xqj7-j8j5-f2xrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1000180ghsaADVISORY
- www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-testnvdThird Party AdvisoryWEB
- www.debian.org/security/2018/dsa-4233nvdThird Party AdvisoryWEB
- lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3EghsaWEB
- security.netapp.com/advisory/ntap-20190204-0003ghsaWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdWEB
- www.oracle.com/security-alerts/cpuapr2020.htmlnvdWEB
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdWEB
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvdWEB
- lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3Envd
News mentions
0No linked articles in our index yet.