Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 05, 2018 - 13:29 nvd
HIGH 7.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 32 maven packages depend on org.bouncycastle:bcprov-jdk14 (4 direct, 28 indirect)
  • 6,188 maven packages depend on org.bouncycastle:bcprov-jdk15on (473 direct, 5,742 indirect)

Ecosystem-wide dependent count for version 1.60 and other introduced versions.

DescriptionNVD

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

AnalysisAI

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-327. Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Affected products include: Bouncycastle Bc-Java, Bouncycastle Fips Java Api, Debian Debian Linux, Oracle Api Gateway, Oracle Business Process Management Suite.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-13098 HIGH POC
7.5 Dec 13

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic

CVE-2020-28052 HIGH POC
8.1 Dec 18

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulne

CVE-2018-1000613 CRITICAL
9.8 Jul 09

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain

CVE-2025-14813 CRITICAL
9.3 Apr 15

GOST CTR block cipher in Bouncy Castle BC-JAVA processes only the first 255 blocks correctly, causing silent data corrup

CVE-2026-5598 HIGH
8.9 Apr 15

Non-constant time comparison operations in the Legion of the Bouncy Castle BC-JAVA cryptographic library (core modules,

CVE-2026-3505 HIGH
8.7 Apr 15

Pre-authentication resource exhaustion in Bouncy Castle BC-JAVA PGP modules (bcpg) allows remote attackers to trigger de

CVE-2019-17359 HIGH
7.5 Oct 08

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resulta

CVE-2026-5588 MEDIUM
6.3 Apr 15

Signature verification bypass in Bouncy Castle BC-JAVA (bcpkix module versions 1.49-1.83) allows remote unauthenticated

CVE-2016-2427 MEDIUM
5.5 Apr 18

The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter

CVE-2026-0636 MEDIUM
5.5 Apr 15

LDAP injection in Bouncy Castle BC-JAVA bcprov module (versions 1.49 through 1.83) allows remote unauthenticated attacke

CVE-2023-33201 MEDIUM
5.3 Jul 05

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. Rated medium severity (CVSS 5.3), thi

CVE-2018-5382 MEDIUM
4.4 Apr 16

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity

Share

CVE-2018-1000180 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy