{"id":"CVE-2016-1000340","details":"In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.","aliases":["GHSA-r97x-3g8f-gx3m"],"modified":"2026-04-16T06:17:24.922012833Z","published":"2018-06-04T13:29:00.293Z","related":["openSUSE-SU-2024:10661-1"],"references":[{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"type":"FIX","url":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bcgit/bc-java","events":[{"introduced":"7107f91d9199401a19d4518d7c6b0f89e509d378"},{"last_affected":"70b39c9a84327f522bcbe89d5a5fda65ebf630ac"},{"fixed":"790642084c4e0cadd47352054f868cc8397e2c00"}],"database_specific":{"versions":[{"introduced":"1.51"},{"last_affected":"1.55"}]}}],"versions":["r1rv51","r1rv52","r1rv53","r1rv54","r1rv55"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000340.json","vanir_signatures":[{"signature_version":"v1","deprecated":false,"id":"CVE-2016-1000340-1adfd433","source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","digest":{"length":2000,"function_hash":"94488520555349931873853949182459710249"},"signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat160.java","function":"square"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2016-1000340-2697d742","source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","digest":{"length":2236,"function_hash":"58994922172034438237012863531284423503"},"signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat160.java","function":"square"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2016-1000340-5417bca7","source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","digest":{"threshold":0.9,"line_hashes":["60388865091532489829183506249428233079","225052258672677441149922973801279870427","86521731562283326084166736055965107423","155766582746768132208336962369484543853","311540302120270784412481404782396631347","336034308736571311453457599491795836173","202912565637422964581709255663136102169","324096374174214470504751945136935895095","272493136239170152953323751184335906247","294696352135758872242310347607747886838","125536096527976832715516369460930714699","169133074809917392931783230309769669091","197156913925098695657692725422086733730","187613208362056969464640828801603084752","162667495626254651280174896699259063318","122864626385147078753325960174521250501","94072399684595854390902470139384682492","219420053986978758947456837390501079269","157676268948825083973750652217917932078","31315042331388932325569841356357973786","73826029496535282225636684403394566596","317851165121185994999352010752112504545","280447133684787578601288952888160750428","87868340647533249615589167794004575900","278186649565135102517567839578617450242","262550646066059723418460562478420035904","241911040186394957382287325930959296146","83917443869216155878807693616245438194"]},"signature_type":"Line","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat160.java"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2016-1000340-56119a58","source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","digest":{"length":1766,"function_hash":"173379956562823633444655387748379146061"},"signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat128.java","function":"square"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2016-1000340-662c8bc7","source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","digest":{"length":3593,"function_hash":"123035307202263373677071430153773530585"},"signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat256.java","function":"square"}},{"signature_version":"v1","id":"CVE-2016-1000340-8ca18221","digest":{"threshold":0.9,"line_hashes":["60388865091532489829183506249428233079","225052258672677441149922973801279870427","86521731562283326084166736055965107423","155766582746768132208336962369484543853","311540302120270784412481404782396631347","336034308736571311453457599491795836173","202912565637422964581709255663136102169","324096374174214470504751945136935895095","272493136239170152953323751184335906247","294696352135758872242310347607747886838","177635921750121206154853382412026426690","91798997907312641684922814972101817828","273725588425818673966158860792223645696","310225683941063096924764594564288080307","60816861878561549950364269800922963152","136246684283852792549403330331329486560","233825561704286927700283043505857991091","60622096130863707203614444989203714756","89507710646720818848907880433662838147","183056463848592615830227064784400762621","120761915172614118151795018519548595706","122359505531001776004048171874201495261","290377355501936912367018414905313197930","7151524741679006882223721260474739527","319135912602310847980273850629375886661","62092213643660737243112828471637867829","16197856522433730614083649158090611544","45334683845071122973905542756200607128","11152548005697389192459986222601015234","162667495626254651280174896699259063318","122864626385147078753325960174521250501","94072399684595854390902470139384682492","219420053986978758947456837390501079269","157676268948825083973750652217917932078","31315042331388932325569841356357973786","73826029496535282225636684403394566596","317851165121185994999352010752112504545","280447133684787578601288952888160750428","87868340647533249615589167794004575900","89220783497296564282045523877975210443","313798379155309655364947511935214253123","127846708069382065269399088776927842970","244257973317682214301140624924155413184","322509429957104310146160877103271152919","272755484027131273821234260331008089443","235975321796533952388465255253955238528","165408685110490002139208062713729674845","330214408880320252209270065047835390292","33486906602432933631979267125509806788","100590642154296398832743260260099669033","223965006118558577177386860892110725895","171816187472939114357375886883458630179","226339363231510652795047173167638381117","300781723136108659487177067110612509140","40700022427605555509895476995536225615","43353789184201644185336683736488235768","57712240481963747677442275307539778039","83882645519138407048232497301087523951"]},"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","deprecated":false,"signature_type":"Line","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat256.java"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2016-1000340-9496e1bd","source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","digest":{"threshold":0.9,"line_hashes":["60388865091532489829183506249428233079","225052258672677441149922973801279870427","86521731562283326084166736055965107423","155766582746768132208336962369484543853","311540302120270784412481404782396631347","317419010837840989217732729399968327299","283700139519965654794444167918008400957","24335359771185436790215443420286736356","169168549738874309167534213291547453411","162667495626254651280174896699259063318","122864626385147078753325960174521250501","94072399684595854390902470139384682492","219420053986978758947456837390501079269","157676268948825083973750652217917932078","175244057951877094457069663936607455500","124442519375174944576839939348433100937","136204028811298158226575836385288729844","235013955171226304998785066277695661145"]},"signature_type":"Line","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat128.java"}},{"signature_version":"v1","deprecated":false,"digest":{"length":1581,"function_hash":"41118428257651833403339054913346920041"},"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","id":"CVE-2016-1000340-a72f1538","signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat128.java","function":"square"}},{"signature_version":"v1","deprecated":false,"id":"CVE-2016-1000340-a9b14c1d","source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","digest":{"length":3329,"function_hash":"27633383338768068759198032262969848403"},"signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat224.java","function":"square"}},{"signature_version":"v1","digest":{"length":3949,"function_hash":"11208599187153895243431836854275631771"},"deprecated":false,"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","id":"CVE-2016-1000340-b38c4890","signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat256.java","function":"square"}},{"signature_version":"v1","deprecated":false,"digest":{"length":2758,"function_hash":"224944844376450971286851170398594754537"},"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","id":"CVE-2016-1000340-b516e6ff","signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat192.java","function":"square"}},{"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["60388865091532489829183506249428233079","225052258672677441149922973801279870427","86521731562283326084166736055965107423","155766582746768132208336962369484543853","311540302120270784412481404782396631347","336034308736571311453457599491795836173","202912565637422964581709255663136102169","324096374174214470504751945136935895095","272493136239170152953323751184335906247","294696352135758872242310347607747886838","177635921750121206154853382412026426690","91798997907312641684922814972101817828","273725588425818673966158860792223645696","310225683941063096924764594564288080307","60816861878561549950364269800922963152","136246684283852792549403330331329486560","233825561704286927700283043505857991091","60622096130863707203614444989203714756","89507710646720818848907880433662838147","183056463848592615830227064784400762621","37032823149179990219764173479047108069","10865134604814395359319153236400328415","96240582998809830320711048044159642892","41235219836132499647262837206343032992","162667495626254651280174896699259063318","122864626385147078753325960174521250501","94072399684595854390902470139384682492","219420053986978758947456837390501079269","157676268948825083973750652217917932078","31315042331388932325569841356357973786","73826029496535282225636684403394566596","317851165121185994999352010752112504545","280447133684787578601288952888160750428","87868340647533249615589167794004575900","89220783497296564282045523877975210443","313798379155309655364947511935214253123","127846708069382065269399088776927842970","244257973317682214301140624924155413184","322509429957104310146160877103271152919","272755484027131273821234260331008089443","235975321796533952388465255253955238528","165408685110490002139208062713729674845","330214408880320252209270065047835390292","33486906602432933631979267125509806788","275433587818463500158127026831999657040","81100350673861287175118580746397192666","84067708798551410653791131787376026085","20684624959455093661789437034560730801"]},"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","id":"CVE-2016-1000340-baad2244","signature_type":"Line","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat224.java"}},{"signature_version":"v1","deprecated":false,"digest":{"length":3013,"function_hash":"131405578449455604786363803559589886625"},"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","id":"CVE-2016-1000340-d5d150b0","signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat224.java","function":"square"}},{"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["60388865091532489829183506249428233079","225052258672677441149922973801279870427","86521731562283326084166736055965107423","155766582746768132208336962369484543853","311540302120270784412481404782396631347","336034308736571311453457599491795836173","202912565637422964581709255663136102169","324096374174214470504751945136935895095","272493136239170152953323751184335906247","294696352135758872242310347607747886838","177635921750121206154853382412026426690","91798997907312641684922814972101817828","273725588425818673966158860792223645696","310225683941063096924764594564288080307","60816861878561549950364269800922963152","296396644064472152673234004630782321629","162512062411799818829158101385209894944","193271716654370831284868326473822425848","248371627599185794120245610479884347909","162667495626254651280174896699259063318","122864626385147078753325960174521250501","94072399684595854390902470139384682492","219420053986978758947456837390501079269","157676268948825083973750652217917932078","31315042331388932325569841356357973786","73826029496535282225636684403394566596","317851165121185994999352010752112504545","280447133684787578601288952888160750428","87868340647533249615589167794004575900","89220783497296564282045523877975210443","313798379155309655364947511935214253123","127846708069382065269399088776927842970","244257973317682214301140624924155413184","322509429957104310146160877103271152919","324087641726546848324422446741312173649","130326624690536280672023723885641123164","116724889620870553742195914450537129361","91470542085241819001156106990998498482"]},"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","id":"CVE-2016-1000340-e426ea75","signature_type":"Line","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat192.java"}},{"signature_version":"v1","deprecated":false,"digest":{"length":2482,"function_hash":"30631725459665882023055276089462194093"},"source":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","id":"CVE-2016-1000340-ed6a6307","signature_type":"Function","target":{"file":"core/src/main/java/org/bouncycastle/math/raw/Nat192.java","function":"square"}}],"vanir_signatures_modified":"2026-04-11T03:36:41Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}