CVE-2016-1000352
Published: 4 June 2018
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Notes
Author | Note |
---|---|
mdeslaur | This is an intrusive change to introduce to Ubuntu 14.04 LTS. Marking as ignored. |
Priority
Status
Package | Release | Status |
---|---|---|
bouncycastle (Launchpad, Ubuntu, Debian) | artful | Not vulnerable (1.57-1) |
bouncycastle | bionic | Not vulnerable (1.59-1) |
bouncycastle | cosmic | Not vulnerable (1.60-1) |
bouncycastle | disco | Not vulnerable (1.60-1) |
bouncycastle | eoan | Not vulnerable (1.60-1) |
bouncycastle | focal | Not vulnerable (1.60-1) |
bouncycastle | groovy | Not vulnerable (1.60-1) |
bouncycastle | hirsute | Not vulnerable (1.60-1) |
bouncycastle | impish | Not vulnerable (1.60-1) |
bouncycastle | jammy | Not vulnerable (1.60-1) |
bouncycastle | kinetic | Not vulnerable (1.60-1) |
bouncycastle | lunar | Not vulnerable (1.60-1) |
bouncycastle | trusty | Does not exist (trusty was ignored) |
bouncycastle | upstream | Released (1.56-1) |
bouncycastle | xenial | Needed |
bouncycastle | mantic | Not vulnerable (1.60-1) |

Patches: upstream: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.4 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |