GHSA-w285-wf9q-5w69
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w285-wf9q-5w69
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-w285-wf9q-5w69/GHSA-w285-wf9q-5w69.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w285-wf9q-5w69
- Aliases
- Published
- 2018-10-17T16:27:38Z
- Modified
- 2024-02-17T05:32:15.805205Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
- Details
-
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000352
- https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2018:2927
- https://github.com/advisories/GHSA-w285-wf9q-5w69
- https://github.com/bcgit/bc-java
- https://security.netapp.com/advisory/ntap-20181127-0004
- https://www.oracle.com/security-alerts/cpuoct2020.html
Affected packages
Maven / org.bouncycastle:bcprov-jdk14
Package
- Name
- org.bouncycastle:bcprov-jdk14
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk14
Maven / org.bouncycastle:bcprov-jdk15
Package
- Name
- org.bouncycastle:bcprov-jdk15
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk15