CVE-2016-1000344 org.bouncycastle:bcprov-jdk14

Package

Manager: maven
Name: org.bouncycastle:bcprov-jdk14
Vulnerable Version: >=0 <1.56

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00514 (percentile 0.65607)

Details

In the Bouncy Castle JCE Provider version 1.55 and earlier, the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Metadata

Created: 2018-10-18T17:43:55Z
Modified: 2022-04-27T13:32:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-2j2x-hx4g-2gf4/GHSA-2j2x-hx4g-2gf4.json
CWE IDs: ["CWE-1310"]
Alternative ID: GHSA-2j2x-hx4g-2gf4
Finding: F063
Auto approve: 1