PT-2018-4639 · Bouncy Castle+3 · Bouncy Castle Jce Provider+3

Publicado

2018-06-04

Atualizado

2024-06-15

CVE-2016-1000345

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bouncy Castle JCE Provider versions 1.55 and earlier

Description The issue concerns a padding oracle attack in the DHIES/ECIES CBC mode. In environments where timings can be observed, an attacker can identify when decryption fails due to padding with enough observations.

Recommendations For Bouncy Castle JCE Provider versions 1.55 and earlier, consider updating to a version newer than 1.55 to mitigate the risk of a padding oracle attack. At the moment, there is no information about additional mitigation measures for this issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-361

Identificadores relacionados

CVE-2016-1000345

DLA-1418-1

GHSA-9GP4-QRFF-C648

MGASA-2018-0376

OPENSUSE-SU-2018_1689-1

OPENSUSE-SU-2024:10661-1

RHSA-2018:2927

USN-3727-1

Produtos afetados

Bouncy Castle Jce Provider

Jira

Suse

Ubuntu

PT-2018-4639 · Bouncy Castle+3 · Bouncy Castle Jce Provider+3

CVE-2016-1000345

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 50