CVE-2016-1000344

CWE-310CWE-1310CWE-3259 documents7 sources
Severity
7.4HIGH
EPSS
0.4%
top 40.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Bouncycastle Bc-java
Timeline
PublishedJun 4
Latest updateOct 18

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages5 packages

Debianbouncycastle< 1.56-1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode2018-10-18
OSV
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode2018-10-18
CVEList
CVE-2016-1000344: In the Bouncy Castle JCE Provider version 12018-06-04
OSV
CVE-2016-1000344: In the Bouncy Castle JCE Provider version 12018-06-04

📋Vendor Advisories

2
Red Hat
bouncycastle: DHIES implementation allowed the use of ECB mode2016-04-27
Debian
CVE-2016-1000344: bouncycastle - In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementat...2016

💬Community

2
Bugzilla
CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode [epel-6]2018-06-07
Bugzilla
CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode2018-06-07
CVE-2016-1000344 (HIGH CVSS 7.4) | In the Bouncy Castle JCE Provider v | cvebase.io