vulnerability

Debian: CVE-2016-1000352: bouncycastle -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Jun 4, 2018	Jul 30, 2024	Mar 30, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Jun 4, 2018

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Solution

debian-upgrade-bouncycastle

References

CVE-2016-100035
https://attackerkb.com/topics/CVE-2016-100035
EUVD-EUVD-2018-0703
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-0703

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report