BouncyCastle JCE TLS Bleichenbacher/ROBOT
Summary
| CVE | CVE-2017-13098 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-12-13 01:29:00 UTC |
| Updated | 2025-05-12 17:37:16 UTC |
| Description | BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." |
Risk And Classification
Primary CVSS: v3.0 5.9 MEDIUM from [email protected]
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Problem Types: CWE-203 | CWE-203 CWE-203
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.0 | [email protected] | Secondary | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.0 | CNA | DECLARED | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 2.0 | [email protected] | Primary | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:M/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bouncycastle | Bc-java | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Legion Of The Bouncy Castle | BouncyCastle TLS | affected <1.0.3 | all |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2020:0607-1: moderate: Security update f | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Confirm size of decrypted PMS before using · bcgit/bc-java@a00b684 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch, Third Party Advisory |
| Bouncy Castle CVE-2017-13098 Information Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| VU#144389 - TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource |
| Debian -- Security Information -- DSA-4072-1 bouncycastle | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Issue Tracking, Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2020 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| CVE-2017-13098 Bouncy Castle TLS Vulnerability in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Issue Tracking, Third Party Advisory |
| The ROBOT Attack - Return of Bleichenbacher's Oracle Threat | af854a3a-2127-422b-91ae-364da2661108 | robotattack.org | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.