First published: Mon Jun 04 2018
Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DHIES implementation. A remote attacker could exploit this vulnerability to launch further attacks on the system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM GDE | <=3.0.0.2 | |
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | <=1.55 | |
CVE-2016-1000344 is a vulnerability in the Bouncy Castle JCE Provider version 1.55 and earlier, which allows for weaker security in the DHIES implementation.
CVE-2016-1000344 affects Bouncy Castle JCE Provider by enabling a remote attacker to launch additional attacks on the system.
CVE-2016-1000344 has a severity rating of 7.4 (high).
CVE-2016-1000344 affects Bouncy Castle JCE Provider versions 1.55 and earlier, IBM GDE up to version 3.0.0.2, and Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api up to version 1.55.
To fix CVE-2016-1000344, update Bouncy Castle JCE Provider to version 1.56 or later.