CVE-2016-1000352

Опубликовано: 04 июн. 2018

Источник: debian

EPSS Низкий

Описание

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
bouncycastle	fixed	1.56-1		package
bouncycastle	ignored		jessie	package

Примечания

https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f

EPSS

Процентиль: 59%

0.00386

Низкий

Связанные уязвимости

CVE-2016-1000352

CVSS3: 7.4

ubuntu

больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVE-2016-1000352

CVSS3: 4.8

redhat

почти 10 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

CVE-2016-1000352

CVSS3: 7.4

nvd

больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

GHSA-w285-wf9q-5w69

CVSS3: 7.4

github

больше 7 лет назад

In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode

openSUSE-SU-2018:1689-1

suse-cvrf

больше 7 лет назад

Security update for bouncycastle

EPSS

Процентиль: 59%

0.00386

Низкий