Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Legion of the Bouncy Castle Java library 安全漏洞
Vulnerability Description
Legion of the Bouncy Castle Java library是澳大利亚Legion of the Bouncy Castle公司的一个用于Java平台的开源的轻量级密码包。 Legion of the Bouncy Castle Java library 1.51之前版本中存在安全漏洞,该漏洞源于程序没有验证椭圆曲线中的点。远程攻击者可借助一系列特制的elliptic curve Diffie Hellman(ECDH)密钥交换利用该漏洞获取私钥。
CVSS Information
N/A
Vulnerability Type
N/A