Miggo Logo
Miggo Vulnerability Database
CVE-2018-1000180

CVE-2018-1000180: Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-1000180
GHSA ID
GHSA-xqj7-j8j5-f2xr
EPSS Score
0.44762%
CWE
CWE-327
Published
10/16/2018
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.bouncycastle:bcprov-jdk14maven< 1.601.60
org.bouncycastle:bcprov-jdk15maven< 1.601.60

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The patches indicate that the vulnerability is related to the RSA key pair generation and primality testing. The functions identified are directly related to these operations and were modified to fix the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*oun*y **stl* ** *.** - *.**, **-*J* *.*.*, **-*J* *.*.* *n* **rli*r **v* * *l*w in t** Low-l*v*l int*r**** to RS* k*y p*ir **n*r*tor, sp**i*i**lly RS* K*y P*irs **n*r*t** in low-l*v*l *PI wit* ***** **rt*inty m*y **v* l*ss M-R t*sts t**n *xp**t**. T

Reasoning

T** p*t***s in*i**t* t**t t** vuln*r**ility is r*l*t** to t** RS* k*y p*ir **n*r*tion *n* prim*lity t*stin*. T** `*un*tions` i**nti*i** *r* *ir**tly r*l*t** to t**s* op*r*tions *n* w*r* mo*i*i** to *ix t** vuln*r**ility.