CVE-2016-1000352

CWE-310CWE-326CWE-3259 documents7 sources
Severity
7.4HIGH
EPSS
0.4%
top 40.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Bouncycastle Bc-java
Timeline
PublishedJun 4
Latest updateOct 17

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages5 packages

Debianbouncycastle< 1.56-1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode2018-10-17
GHSA
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode2018-10-17
OSV
CVE-2016-1000352: In the Bouncy Castle JCE Provider version 12018-06-04
CVEList
CVE-2016-1000352: In the Bouncy Castle JCE Provider version 12018-06-04

📋Vendor Advisories

2
Red Hat
bouncycastle: ECIES implementation allowed the use of ECB mode2016-04-27
Debian
CVE-2016-1000352: bouncycastle - In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementat...2016

💬Community

2
Bugzilla
CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode [epel-6]2018-06-07
Bugzilla
CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode2018-06-07
CVE-2016-1000352 (HIGH CVSS 7.4) | In the Bouncy Castle JCE Provider v | cvebase.io