Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.
158a825b04f0f40bb96f1d9a00a016aba3e89852c2b38ad9489af18ccb50c100