CVE-2016-1000344
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
CVSS 3.1: 7.4 (HIGH)
EPSS: 0.39%
Description
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
How to fix CVE-2016-1000344
To remediate CVE-2016-1000344, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 1.56-1 or later
- upgrade to 1.56 or later
- upgrade to 1.56 or later
- upgrade to 1.56 or later
Is CVE-2016-1000344 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.56-1
- from 0, < 1.56
- from 0, < 1.56
- from 0, < 1.56
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.4 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |