CVE-2018-1000180

Impact:
Moderate
Public Date:
2018-04-18
CWE:
CWE-325
Bugzilla:
1588306: CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator
A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.

Find out more about CVE-2018-1000180 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

CVSS v3 metrics

CVSS3 Base Score 4.8
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhvm-appliance) RHSA-2018:2643 2018-09-04
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server (eap7-bouncycastle) RHSA-2018:2424 2018-08-15
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server (eap7-bouncycastle) RHSA-2018:2423 2018-08-15
Red Hat JBoss EAP 7.1 RHSA-2018:2425 2018-08-15
Red Hat Single Sign-On 7.2 RHSA-2018:2428 2018-08-15
Red Hat JBoss Fuse 7 RHSA-2018:2669 2018-09-11

Affected Packages State

Platform Package State
Red Hat Virtualization 4 eap7-bouncycastle Affected
Red Hat Subscription Asset Manager 1 bouncycastle Not affected
Red Hat Software Collections for Red Hat Enterprise Linux rh-eclipse46-bouncycastle Affected
Red Hat Single Sign-On 7 bouncycastle Under investigation
Red Hat Satellite 6 bouncycastle Affected
Red Hat OpenShift Application Runtimes 1.0 swarm Affected
Red Hat JBoss Fuse 6 bouncycastle Will not fix
Red Hat JBoss Data Virtualization 6 bouncycastle Under investigation
Red Hat JBoss Data Grid 7 bouncycastle Under investigation

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.