CVE-2016-1000346

CVSS v3 Score: 3.7 (Low)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

In the Bouncy Castle JCE Provider version 1.55 and earlier, the other party's DH public key is not fully validated. This can cause issues, as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56, the key parameters are checked on agreement calculation.

CVSS:3.7(Low)

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\m...

CVSS:3.7(Low)

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-...

CVSS:4.6(Medium)

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affect...

CVSS:4.7(Medium)

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory.

CVSS:5.3(Medium)

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

CVSS:5.3(Medium)

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in ...