CVE-2016-1000352 org.bouncycastle:bcprov-jdk14

Package

Manager: maven
Name: org.bouncycastle:bcprov-jdk14
Vulnerable Version: >=0 <1.56

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00514 (percentile 0.65607)

Details

In the Bouncy Castle JCE Provider version 1.55 and earlier, the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Metadata

Created: 2018-10-17T16:27:38Z
Modified: 2022-04-27T13:36:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-w285-wf9q-5w69/GHSA-w285-wf9q-5w69.json
CWE IDs: ["CWE-326"]
Alternative ID: GHSA-w285-wf9q-5w69
Finding: F052
Auto approve: 1