{"id":"CVE-2018-1000613","details":"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.","aliases":["GHSA-4446-656p-f54g"],"modified":"2026-04-11T17:14:11.592657Z","published":"2018-07-09T20:29:00.283Z","related":["MGASA-2018-0376","openSUSE-SU-2020:0607-1","openSUSE-SU-2024:10661-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"11.1.2.4.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.6.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.6.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.6.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"11.1.1.9.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.1.3.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.2.1.3.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.1.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"3.7.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"3.8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*"},{"extracted_events":[{"fixed":"7.0.0.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"7.0.0.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"3.0.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.2.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*"},{"extracted_events":[{"fixed":"7.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"7.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.2.1.3.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.1.0.5.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"13.2.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"13.3.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"13.2.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"13.3.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"11.1.1.7.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.1.3.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.1.3.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.2.1.3.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.55"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.56"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.57"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.8.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"7.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.1.3.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.2.1.3.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"1.12.0.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.3.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.3.0.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.3.0.2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"11.1.1.9.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.2.1.3.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"12.2.1.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"15.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190204-0003/"},{"type":"FIX","url":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"},{"type":"FIX","url":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"ARTICLE","url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bcgit/bc-java","events":[{"introduced":"816e35d947172edc2a9be110f468f3080c142fdf"},{"fixed":"52b0902592e770b8116f80f2eab7a4048b589d7d"},{"fixed":"4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"fixed":"cd98322b171b15b3f88c5ec871175147893c31e6"}],"database_specific":{"extracted_events":[{"introduced":"1.58"},{"fixed":"1.60"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"}}],"versions":["r1rv58","r1rv59"],"database_specific":{"vanir_signatures":[{"target":{"file":"core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nField.java"},"id":"CVE-2018-1000613-06e2ce67","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["79775469864887449031726992528092264216","158020448775076717148906996085300653576","275812659444679279030003262053263665824","57278503947585445859251767525831897581","74119756330458871783370921674018064942","118273411051918065845843923256924887946","148852442757008927333200580381873057503","250998592048132938674930204515358802923","125163840561745554936585815403948754961","63304757771489612095144266106989644249","170001266251636232580758292101570792059","184593933047307143404523881051729105411","303344212268304043901630747029593601039"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"checkParams","file":"core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowParameters.java"},"id":"CVE-2018-1000613-0cc263f0","deprecated":false,"digest":{"length":381,"function_hash":"227223140369740245223948291231522035309"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"toByteArray","file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSMTPrivateKeyParameters.java"},"id":"CVE-2018-1000613-11735383","deprecated":false,"digest":{"length":821,"function_hash":"327952941261157767834331833929653754052"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"XMSSMTPrivateKeyParameters","file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSMTPrivateKeyParameters.java"},"id":"CVE-2018-1000613-179e39bb","deprecated":false,"digest":{"length":2444,"function_hash":"40593747632515616269105429577166518626"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"invertMatrix","file":"core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nField.java"},"id":"CVE-2018-1000613-2f8456ff","deprecated":false,"digest":{"length":1237,"function_hash":"291749205239641627064544993430321062559"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSUtil.java"},"id":"CVE-2018-1000613-3a37baef","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["228121149018623912617392326711849242289","113432072202308777836065392287654795870","119743442702273367510532800177642306033","279981068374128684635698348565874765399","275460976710133388522032289775268837165","39730019454852082639768508744908083821","77755948226560311026505020504972862060","98120290507134027469030620592636300131","114506406009882571223294167510938465240","116592679243221374120377827492918418318","182003132177903483248986576158635341015","181558829554469776409576826728851572805"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6"},{"target":{"file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSMTPrivateKeyParameters.java"},"id":"CVE-2018-1000613-452c378a","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["260808258535337420534859593858153728418","176727153518612167581494331046156221050","170411275965797319506170857906246494575","238124524395965669595592246618177063944","153765105464744392364247811377629727944","214859365001256719950136334449189169775","38903388089444900411605702542369215120","223234083532513567037138890745642520622","206956183530939346378895506425203096173","5372893027715315054532519305155437868","69068307713592695397874923581833820388","337863728116063297684784494111439439392","240082652120488184022735646413700970328","244115513026929131115630655010480508737","33985168174298843539034780120842262941","145528215598066981901398726858962061120","293752981480724691359916585113902624593","226643127558744427735658867322105052877","46957684359351158379441296531742121369","206038012585702199749500273558908736302","139546950907302729012764997609736667643","111923454759952950440177997718936044654","28865272907548654792727874939924050535","280763514022528270949418155475943368143","200791176147346642110416312180503881367","223234083532513567037138890745642520622","30339353970830538128873938407903337764","245159193500251544391256378646637157496","11610541896882226714416979050844409428","210209361724250474603716964282186356003","85028048790046198862217658301202202625","177861731154356467468591358035084045490"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/xmss/BCXMSSPrivateKey.java"},"id":"CVE-2018-1000613-4a7a2558","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["61670809531981877170862012141275597160","259627115090513307289995936186153772530","76218590950356198363649431969182023641","67168934831299499856866700046470394678"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"deserialize","file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSUtil.java"},"id":"CVE-2018-1000613-4c9c3206","deprecated":false,"digest":{"length":172,"function_hash":"19456477545752633028221251622818964347"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"core/src/test/java/org/bouncycastle/pqc/crypto/test/XMSSMTPrivateKeyTest.java"},"id":"CVE-2018-1000613-5f19b732","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["41125377494222275837871747276799687855","61835199254813146631985946548838712470","302158362064387878592869676524536241366","248660044891211800998914070568770852330","331449019416426631550655659686491643286","193190697910389583443934124951084072461","286212788510477477326207581852744802869","60649032013475207950126260770611870811","105934779279294133122729479644342917892","166786830769226294165338787469427747843","241240877914044830420662897051743094664","286089642309564641839319809464834192712"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/xmss/BCXMSSMTPrivateKey.java"},"id":"CVE-2018-1000613-72d092ae","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["8412954963575388027927533055480065649","178079790681614749234787439905060238413","239121702071886537514465476372719931335","154543228642701496741049400492941124408"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java"},"id":"CVE-2018-1000613-7aaa790e","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["2833018344427856628243648612154888605","116363018200911795394136703826571043968","273645093740276185462703937017613152142","113485829037358620710591422125953350080","226661600723126748219303594931890905145","14233022817064155166260708009677958954","150444285499111050947383101346995861621","99305449711374557883247470528566629037","133219272372870221614301533642878356810","17446391479223233539778219856002992800","247844000681911718671815040811940526578","266250243955121902809319868046573315003","32701202992397974805962312629938134713","244119325599143224700000805085819049235","176530448955025839937513555131013175389","100513111617104617653262679829545640713","297283284316372957754475985115916582855","8902562633069448097089700699218471122"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"testPrivateKeyParsingSHA256","file":"core/src/test/java/org/bouncycastle/pqc/crypto/test/XMSSMTPrivateKeyTest.java"},"id":"CVE-2018-1000613-8373f9d3","deprecated":false,"digest":{"length":352,"function_hash":"87969249621066119498033811034029559788"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSUtil.java"},"id":"CVE-2018-1000613-8c12f6e3","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["230052912887228113966427927179750011923","287887050542612040916719368136341447317","37191385464895716643839494425307223307","183479141494837055702314141811212354811","136361179921224229520579812874657990653","26187638750278918604891762605520646766","70350353095832571710704905266207366482","172282878114023748666997502722174503010","202292041008979895145666775085596228014"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSPrivateKeyParameters.java"},"id":"CVE-2018-1000613-9184194e","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["140423835287465713519223176211501846156","155701319257948483620872092424038662566","330643038039171088499302065190968840507","286069367972366590800569153144088021010","70152557041632875647517010047244051424","170732069116260628393667501687825939696","271952224398603712573042856882057870328","223234083532513567037138890745642520622","206956183530939346378895506425203096173","5372893027715315054532519305155437868","69068307713592695397874923581833820388","337863728116063297684784494111439439392","240082652120488184022735646413700970328","244115513026929131115630655010480508737","204487344509016101076854953261566825725","159486626357007639863681290418990625237","128383977914180318855830521879013210720","108399221428972533427333969657063992751","244662001773147553746884301596131431146","32237688758985284353017452343648658591","202753034795592500595398887729635834498","271355962667833480206252621651102455891","226643127558744427735658867322105052877"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"file":"core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowParameters.java"},"id":"CVE-2018-1000613-9963e4f8","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["173752393978752566799764572887984855826","336172993706778749945911556127390561622","338976692609441897856665140493681136605","186861585271180501377041445572709124902","313464672610500283835082170806369701782","55183376176353237597370413876886843013","282380586800142360765406859290878489851","119263822948100571975380117294536339356","105309240861057114757715772107182612384","272085203043633166490157426836221395419","1367067517896227047750001060721773399","103434884949461171043344427845475961087","68952555090785794212493854188173879268","119902201881262397632209638787009572758","112103600939018972451375399853417933400","334268098639271906315771653817993166296","299661475627473838739806603125722652579","57766972797322550201370847217493726957","264309184884966767799979034634443020006","36494542382637347177586218605109579063","100669610968375698563723722308114209729","228595494739691148452737776392294732106","143623702597284236672824663494296292456","216628819176825603862908918242355201886","333074141710635353878506192750459148821","239461441853134247922655958595810298397","234054081913830280642274358714603147401","159557833274617906596588511388891333456","79778703990503684401044650385921608332"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"BCXMSSPrivateKey","file":"prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/xmss/BCXMSSPrivateKey.java"},"id":"CVE-2018-1000613-aa916764","deprecated":false,"digest":{"length":785,"function_hash":"294377225652623858920819964383752708110"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"RainbowParameters","file":"core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowParameters.java"},"id":"CVE-2018-1000613-bc6d413f","deprecated":false,"digest":{"length":119,"function_hash":"124020280645835625015766319279376692467"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"genKeyPair","file":"core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java"},"id":"CVE-2018-1000613-cb811d26","deprecated":false,"digest":{"length":2684,"function_hash":"109001758061308947475563124089222599383"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"resolveClass","file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSUtil.java"},"id":"CVE-2018-1000613-d53959ec","deprecated":false,"digest":{"length":300,"function_hash":"8132440936393220058096904522331279005"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6"},{"target":{"function":"BCXMSSMTPrivateKey","file":"prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/xmss/BCXMSSMTPrivateKey.java"},"id":"CVE-2018-1000613-e2b301ff","deprecated":false,"digest":{"length":806,"function_hash":"52368882895678476032056481631296331135"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"target":{"function":"XMSSPrivateKeyParameters","file":"core/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSSPrivateKeyParameters.java"},"id":"CVE-2018-1000613-ef89f412","deprecated":false,"digest":{"length":2538,"function_hash":"32718092164948884888585297082968739299"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"}],"vanir_signatures_modified":"2026-04-11T17:14:11Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000613.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}