CVE-2016-1000344

Опубликовано: 04 июн. 2018

Источник: debian

Описание

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
bouncycastle	fixed	1.56-1		package
bouncycastle	ignored		jessie	package

Примечания

https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f

Связанные уязвимости

CVE-2016-1000344

CVSS3: 7.4

ubuntu

больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVE-2016-1000344

CVSS3: 4.8

redhat

почти 10 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVE-2016-1000344

CVSS3: 7.4

nvd

больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

GHSA-2j2x-hx4g-2gf4

CVSS3: 7.4

github

больше 7 лет назад

In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode

openSUSE-SU-2018:1689-1

suse-cvrf

больше 7 лет назад

Security update for bouncycastle