{"api_version":"1","generated_at":"2026-04-22T22:48:02+00:00","cve":"CVE-2016-1000344","urls":{"html":"https://cve.report/CVE-2016-1000344","api":"https://cve.report/api/cve/CVE-2016-1000344.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-1000344","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000344"},"summary":{"title":"CVE-2016-1000344","description":"In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-06-04 21:29:00","updated_at":"2020-10-20 22:15:00"},"problem_types":["CWE-310"],"metrics":[],"references":[{"url":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f","name":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"removed support for non-cbc mode ciphers in IES/ECIES · bcgit/bc-java@9385b0e · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:2927","name":"RHSA-2018:2927","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","name":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - October 2020","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20181127-0004/","name":"https://security.netapp.com/advisory/ntap-20181127-0004/","refsource":"CONFIRM","tags":[],"title":"June 2018 Bouncy Castle Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:2669","name":"RHSA-2018:2669","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-1000344","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000344","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"1000344","vulnerable":"1","versionEndIncluding":"1.55","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bouncycastle","cpe5":"legion-of-the-bouncy-castle-java-crytography-api","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2016-1000344","qid":"981420","title":"Java (maven) Security Update for org.bouncycastle:bcprov-jdk15 (GHSA-2j2x-hx4g-2gf4)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-1000344","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2018:2669","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"name":"RHSA-2018:2927","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"name":"https://security.netapp.com/advisory/ntap-20181127-0004/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"name":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f","refsource":"CONFIRM","url":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"}]}},"nvd":{"publishedDate":"2018-06-04 21:29:00","lastModifiedDate":"2020-10-20 22:15:00","problem_types":["CWE-310"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*","versionEndIncluding":"1.55","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"1000344","Ordinal":"128205","Title":"CVE-2016-1000344","CVE":"CVE-2016-1000344","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"1000344","Ordinal":"1","NoteData":"In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"1000344","Ordinal":"2","NoteData":"2018-06-04","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"1000344","Ordinal":"3","NoteData":"2020-10-20","Type":"Other","Title":"Modified"}]}}}