PT-2015-2750 · Bouncy Castle+3 · Bouncy Castle Java Library+4
Published: 2015-11-04 · Updated: 2024-06-15 · CVE-2015-7940
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Bouncy Castle Java library versions prior to 1.51
openSUSE (affected versions not specified)
Description
The issue is an "invalid curve attack": because the library does not validate that a point lies on the elliptic curve, remote attackers can obtain private keys via a series of crafted elliptic curve Diffie-Hellman (ECDH) key exchanges. The attacker exploits this by manipulating the ECDH exchange, which allows them to gain access to the private key.
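The missing check described above, shown as an added example (not Bouncy Castle code and not part of the original advisory): a receiver validates a peer's uncompressed P-256 public key before using it in ECDH. The choice of P-256 and all function names are assumptions made for illustration; the constants are the standard NIST P-256 domain parameters.

```python
# Added example: validate a peer-supplied P-256 point before ECDH.
# Standard NIST P-256 (secp256r1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32  # bytes per coordinate


class InvalidPublicKey(ValueError):
    """Raised when a peer-supplied point must not be used for ECDH."""


def validate_point(x, y):
    """Reject coordinates that are out of range or not on P-256."""
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPublicKey("coordinate outside [0, p-1]")
    # Curve equation y^2 = x^3 + ax + b (mod p). A point that fails this
    # lies on some other curve, which is what the attack depends on.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point is not on the curve")


def parse_peer_public_key(encoded):
    """Parse an uncompressed SEC1 point (0x04 || X || Y) and validate it."""
    if len(encoded) != 1 + 2 * COORD_LEN or encoded[0] != 0x04:
        # This also rejects the one-byte 0x00 encoding of the point at infinity.
        raise InvalidPublicKey("expected 65-byte uncompressed point")
    x = int.from_bytes(encoded[1:1 + COORD_LEN], "big")
    y = int.from_bytes(encoded[1 + COORD_LEN:], "big")
    validate_point(x, y)
    return x, y


def is_acceptable(encoded):
    """True only if the encoded point passed every check."""
    try:
        parse_peer_public_key(encoded)
        return True
    except InvalidPublicKey:
        return False


def encode(x, y):
    """Build the uncompressed encoding (used here for constructed samples)."""
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


if __name__ == "__main__":
    print(is_acceptable(encode(GX, GY)))      # constructed sample: base point
    print(is_acceptable(encode(GX, GY + 1)))  # constructed sample: off-curve
```

P-256 has cofactor 1, so rejecting the point at infinity and checking the curve equation is sufficient there; curves with a larger cofactor also need a subgroup-membership check.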
Recommendations
For Bouncy Castle Java library versions prior to 1.51, update to version 1.51 or later to resolve the issue.
For openSUSE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Related Identifiers
Affected Products
Bouncy Castle Java Library
Jira
Suse
Ubuntu
Opensuse