Your submission was sent successfully! Close

CVE-2016-1000345

Published: 4 June 2018

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
bouncycastle
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.57-1)
bionic Not vulnerable
(1.59-1)
cosmic Not vulnerable
(1.60-1)
disco Not vulnerable
(1.60-1)
eoan Not vulnerable
(1.60-1)
focal Not vulnerable
(1.60-1)
groovy Not vulnerable
(1.60-1)
hirsute Not vulnerable
(1.60-1)
impish Not vulnerable
(1.60-1)
jammy Not vulnerable
(1.60-1)
precise Does not exist

trusty Does not exist
(trusty was released [1.49+dfsg-2ubuntu0.1])
upstream
Released (1.56-1)
xenial Ignored
(end of standard support, was needed)