Bug 1601096 (CVE-2018-1000613) - CVE-2018-1000613 bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information
Summary: CVE-2018-1000613 bouncycastle: lack of class checking in deserialization of X...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2018-1000613
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1601099 1601098 1700961
Blocks: 1601100
TreeView+ depends on / blocked
 
Reported: 2018-07-13 21:01 UTC by Laura Pardo
Modified: 2021-02-16 23:59 UTC (History)
46 users (show)

Fixed In Version: bouncycastle 1.60
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-07-31 07:18:19 UTC


Attachments (Terms of Use)

Description Laura Pardo 2018-07-13 21:01:28 UTC
A flaw was found in Legion of the Bouncy Castle Java Cryptography APIs version prior to 1.60. A lack of class checking in the deserialization of XMSS/XMSS^MT private keys with BDS state information can result in the execution of unexpected code.


References:
https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 	
https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc

Comment 1 Laura Pardo 2018-07-13 21:02:20 UTC
Created bouncycastle tracking bugs for this issue:

Affects: epel-all [bug 1601099]
Affects: fedora-all [bug 1601098]

Comment 2 Doran Moppert 2018-07-16 01:21:09 UTC
Statement:

The XMSS/XMSS^MT algorithms were first introduced in upstream bouncycastle version 1.57.  Versions prior to this, that have not had the new algorithms back-ported, are not affected.

Comment 9 Product Security DevOps Team 2019-07-31 07:18:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-1000613


Note You need to log in before you can comment on or make changes to this bug.