CVE-2016-1000344
Published: 4 June 2018
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Notes
| Author | Note |
|---|---|
| mdeslaur | This is an intrusive change to introduce to Ubuntu 14.04 LTS. Marking as ignored. |
Priority
Status
| Package | Release | Status |
|---|---|---|
| bouncycastle | artful | Not vulnerable (1.57-1) |
| bouncycastle | bionic | Not vulnerable (1.59-1) |
| bouncycastle | cosmic | Not vulnerable (1.60-1) |
| bouncycastle | disco | Not vulnerable (1.60-1) |
| bouncycastle | eoan | Not vulnerable (1.60-1) |
| bouncycastle | focal | Not vulnerable (1.60-1) |
| bouncycastle | groovy | Not vulnerable (1.60-1) |
| bouncycastle | hirsute | Not vulnerable (1.60-1) |
| bouncycastle | impish | Not vulnerable (1.60-1) |
| bouncycastle | jammy | Not vulnerable (1.60-1) |
| bouncycastle | kinetic | Not vulnerable (1.60-1) |
| bouncycastle | lunar | Not vulnerable (1.60-1) |
| bouncycastle | mantic | Not vulnerable (1.60-1) |
| bouncycastle | noble | Not vulnerable (1.60-1) |
| bouncycastle | trusty | Does not exist (trusty was ignored) |
| bouncycastle | upstream | Released (1.56-1) |
| bouncycastle | xenial | Needed |

Patches: upstream: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.4 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |