Vulnerability Database

310,057

Total vulnerabilities in the database

CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Published: Jun 4, 2018
Updated: Nov 9, 2025
CVE: CVE-2016-1000344
GHSA: GHSA-2j2x-hx4g-2gf4
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-310
CWE-1310

Affected Software
References

Software	From	Fixed in
org.bouncycastle / bcprov-jdk14	-	1.56
org.bouncycastle / bcprov-jdk15	-	1.56
bouncycastle / bc-java	-	1.55.x

https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2927
https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
https://security.netapp.com/advisory/ntap-20181127-0004/
https://www.oracle.com/security-alerts/cpuoct2020.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo