cvedb.io
CVE-2018-1000180
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-06-05T13:29:00.203 · Last modified 2026-06-17T01:32:37.217

Summary

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Affected products

bouncycastle — bc-java

Does this affect you?

Add your gear to cvedb and we'll alert you only when bouncycastle ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.