Vulnerability Description
In the Bouncy Castle JCE Provider version 1.55 and earlier, the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe, and support for it has been removed from the provider.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bouncycastle | Bc-Java | <= 1.55 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2018:2927
- https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f (Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20181127-0004/
- https://www.oracle.com/security-alerts/cpuoct2020.html
FAQ
What is CVE-2016-1000352?
CVE-2016-1000352 is a vulnerability with a CVSS score of 7.4 (HIGH). In the Bouncy Castle JCE Provider version 1.55 and earlier, the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe, and support for it has been removed from the provider.
How severe is CVE-2016-1000352?
CVE-2016-1000352 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-1000352?
Check the references section above for vendor advisories and patch information. Affected products include: Bouncycastle Bc-Java.