CVE-2016-1000344

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-1000344
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1000344.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-1000344
Aliases
Downstream
Related
Published
2018-06-04T21:29:00.223Z
Modified
2026-05-14T12:17:16.915116Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

References

Affected packages

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
70b39c9a84327f522bcbe89d5a5fda65ebf630ac
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.55"
        }
    ]
}

Affected versions

Other
r1rv49
r1rv50
r1rv51
r1rv52
r1rv53
r1rv54
r1rv55

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1000344.json"