mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
78 lines
2.3 KiB
JSON
78 lines
2.3 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "dgh@bouncycastle.org",
|
|
"ID" : "CVE-2016-1000344",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "Bouncy Castle JCE Provider",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "1.55 and before"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "The Legion of the Bouncy Castle Inc."
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"
|
|
},
|
|
{
|
|
"name" : "https://security.netapp.com/advisory/ntap-20181127-0004/",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://security.netapp.com/advisory/ntap-20181127-0004/"
|
|
},
|
|
{
|
|
"name" : "RHSA-2018:2669",
|
|
"refsource" : "REDHAT",
|
|
"url" : "https://access.redhat.com/errata/RHSA-2018:2669"
|
|
},
|
|
{
|
|
"name" : "RHSA-2018:2927",
|
|
"refsource" : "REDHAT",
|
|
"url" : "https://access.redhat.com/errata/RHSA-2018:2927"
|
|
}
|
|
]
|
|
}
|
|
}
|