CVEs-PoC/2015/CVE-2015-7940.md at e294596ec596a2bf27139b60fc9b7d159af7096b

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-06-03 08:48:00 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

POC

Reference

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/IkerSaint/VULNAPP-vulnerable-app
https://github.com/RedHatProductSecurity/rhsecapi
https://github.com/auditt7708/rhsecapi
https://github.com/pctF/vulnerable-app

1.5 KiB Raw Blame History

CVE-2015-7940

Description

POC

Reference

Github

1.5 KiB

Raw Blame History