Vulnerability Description
Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization. Deserializing a handcrafted XMSS/XMSS^MT private key can result in the execution of unexpected code: the key can include references to unexpected classes, which will be picked up from the class path of the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bouncycastle | Bc-Java | >= 1.58, < 1.60 |
| Netapp | Oncommand Workflow Automation | - |
| Opensuse | Leap | 15.1 |
| Oracle | Api Gateway | 11.1.2.4.0 |
| Oracle | Banking Platform | 2.6.0 |
| Oracle | Business Process Management Suite | 11.1.1.9.0 |
| Oracle | Business Transaction Management | 12.1.0 |
| Oracle | Communications Application Session Controller | 3.7.1 |
| Oracle | Communications Converged Application Server | < 7.0.0.1 |
| Oracle | Communications Convergence | 3.0.2 |
| Oracle | Communications Diameter Signaling Router | 8.0.0 |
| Oracle | Communications Webrtc Session Controller | < 7.2 |
| Oracle | Data Integrator | 12.2.1.3.0 |
| Oracle | Enterprise Manager Base Platform | 12.1.0.5.0 |
| Oracle | Enterprise Manager For Fusion Middleware | 13.2.0.0 |
| Oracle | Enterprise Repository | 11.1.1.7.0 |
| Oracle | Managed File Transfer | 12.1.3.0.0 |
| Oracle | Peoplesoft Enterprise Peopletools | 8.55 |
| Oracle | Retail Convenience And Fuel Pos Software | 2.8.1 |
| Oracle | Retail Xstore Point Of Service | 7.0 |
Related Weaknesses (CWE)
- CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html (Mailing List, Third Party Advisory)
- https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223 (Patch)
- https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6 (Patch)
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741 (Mailing List)
- https://security.netapp.com/advisory/ntap-20190204-0003/ (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuApr2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2020.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2020.html (Patch, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (Patch, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (Patch, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (Patch, Third Party Advisory)
FAQ
What is CVE-2018-1000613?
CVE-2018-1000613 is a vulnerability with a CVSS score of 9.8 (CRITICAL) in Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60: a CWE-470 (Unsafe Reflection) flaw in XMSS/XMSS^MT private key deserialization, described in full in the Vulnerability Description section above.
How severe is CVE-2018-1000613?
CVE-2018-1000613 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000613?
Check the references section above for vendor advisories and patch information. Affected products include: Bouncycastle Bc-Java, Netapp Oncommand Workflow Automation, Opensuse Leap, Oracle Api Gateway, Oracle Banking Platform.