CVE-2016-1000345

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.80%• Percentile: 74%

Techniques & Countermeasures

• CWE-361•7PK - Time and State

  This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads. According to the authors of the Seven Pernicious Kingdoms, "Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. Defects rush to fill the gap between the programmer's model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information."

Affected Systems

• bouncycastle•bc-java

  ≤ 1.55

• debian•debian_linux

  8.0

• org.bouncycastle•bcprov-jdk14

  < 1.56

• org.bouncycastle•bcprov-jdk15

  < 1.56

• org.bouncycastle•bcprov-jdk15on

  < 1.56

References (11)

• https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
• https://access.redhat.com/errata/RHSA-2018:2669
• https://usn.ubuntu.com/3727-1/
• https://access.redhat.com/errata/RHSA-2018:2927
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://security.netapp.com/advisory/ntap-20181127-0004/
• https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
• https://nvd.nist.gov/vuln/detail/CVE-2016-1000345
• https://github.com/advisories/GHSA-9gp4-qrff-c648
• https://security.netapp.com/advisory/ntap-20181127-0004
• https://usn.ubuntu.com/3727-1