How severe is CVE-2016-1000340?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2016-1000340?

This is classified as CWE-19, which is a common weakness in software security.

CVE-2016-1000340 - HIGH Severity | CVSS 7.5

Vulnerability Description

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

Related Vulnerabilities

CVE-2009-5155

HIGH

CVSS:7.5(High)

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application e...

CWE-192009

CVE-2014-0997

HIGH

CVSS:7.5(High)

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potent...

CWE-192014

CVE-2014-3223

HIGH

CVSS:7.5(High)

Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packet...

CWE-192014

CVE-2015-0224

HIGH

CVSS:7.5(High)

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete ...

CWE-192015

CVE-2015-0689

HIGH

CVSS:7.5(High)

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.

CWE-192015

CVE-2015-7979

HIGH

CVSS:7.5(High)

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broa...

CWE-192015