{"id":"CVE-2016-1000345","details":"In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.","aliases":["GHSA-9gp4-qrff-c648"],"modified":"2026-04-11T03:36:40.011524Z","published":"2018-06-04T21:29:00.270Z","related":["MGASA-2018-0376","openSUSE-SU-2024:10661-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/3727-1/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"type":"FIX","url":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bcgit/bc-java","events":[{"introduced":"0"},{"last_affected":"70b39c9a84327f522bcbe89d5a5fda65ebf630ac"},{"fixed":"21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.55"}]}}],"versions":["r1rv49","r1rv50","r1rv51","r1rv52","r1rv53","r1rv54","r1rv55"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000345.json","vanir_signatures":[{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-0b5f2f41","deprecated":false,"digest":{"length":1187,"function_hash":"179002864394440125546296262141155963161"},"signature_type":"Function","target":{"function":"doTest","file":"prov/src/test/java/org/bouncycastle/jce/provider/test/ECIESTest.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-36f7bd6b","deprecated":false,"digest":{"line_hashes":["257110398682481433913646121550467971355","275139457713088889193496192732839408392","120141119862494393332871221362606746459","98555545717287343597579031218036269416","262476176903423455415683873012012649757","236126975585969529256452292452654775703","228301448613255919213778006023918460002","199421667013008401166618630730784820060","181461491718249540226561462182354560729","208000640208179450921284794371222839393","121144880633302981805051983132905184195","48197964834373264991007164130497019958","250237296400504758329293754435434615416","323887388262990516327055875232228152350","91050259802795828121732650066675038719","219051996476605821750504285082147601464","221693319369876007668554799880357733237","249750791218091338535881837042703222390","211969297003247685384433616757851430931","335415331135937872129565386495268784166","37725671665673594001442632990016917464","279802053105416869716461603979060293224","255106541170989648718137929315627056163","59195640244517296077674599513913355302","174207722993317205854293454222599602538","18488347521554329033201535546803919389","312080259166499941131388615288774051616","47375795903788633760467768421859086921","74003011321786277715222864921226148487","226430299379077087770240709193272193524","44135455413434759346681526103352390987","44835840931507247733801529421482895914","190126394566284959000953682963277532720","125430739925203657684916805415748399891","114646932524859317925736748461841160392"],"threshold":0.9},"signature_type":"Line","target":{"file":"core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-60ff6d44","deprecated":false,"digest":{"length":33,"function_hash":"39089181724069741817461182154925503651"},"signature_type":"Function","target":{"function":"getCause","file":"prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-8b9c8e57","deprecated":false,"digest":{"line_hashes":["133697866731151265672225680018524328357","53940337058669385995677821186204241179","162587652367991775188636353534051259748","149242514917829256206034277858664344451","83129615900509335757111178825201322553","131610245248648995088831754171242197935","282655947336841952086215302463114604351"],"threshold":0.9},"signature_type":"Line","target":{"file":"prov/src/test/java/org/bouncycastle/jce/provider/test/DHIESTest.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-950318c8","deprecated":false,"digest":{"line_hashes":["321624275237868812560358200503511340568","252992669711907532151740084371513059315","215725833295398530877526940570012947649","242807135362491364543837791708042129235","108091918453620955508796412346085011476","16206430862202479163469620850912983262","92322523150649324961125601007102148471","311052508947229842446104995077956063146","108091918453620955508796412346085011476","16206430862202479163469620850912983262","92322523150649324961125601007102148471","324033912280635039277495668616057300842","138557350505491822280647072120731655818","269107568148865735204505861242477462061","92322523150649324961125601007102148471","179760790584636649966758999776519408882"],"threshold":0.9},"signature_type":"Line","target":{"file":"prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-9b7ad954","deprecated":false,"digest":{"line_hashes":["290884778490768764010015169458877424153","12026916305708033123102667084846653426","314599721665988624857881943306815957432","119637279559202494723928472861109497518","270343360284056525849813041168651093009","277493311233249594815580003648280355773","148073170635695901140804734600411668348","10301837253880849880060823707725890398","132332263344578338766337379761451053465","28602299092353429804920981594400323051","135704388376014737888555534907436447735","226859003874278127015997238644392693493","123264274131735558900654989779005693854","186515462493508327284713194033878487063","119192621400126891672851326105264979977","329151139604705197224402627348618301137"],"threshold":0.9},"signature_type":"Line","target":{"file":"prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-a5854ea3","deprecated":false,"digest":{"length":2183,"function_hash":"331106654742969245226299777496253548095"},"signature_type":"Function","target":{"function":"engineDoFinal","file":"prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-c18bba17","deprecated":false,"digest":{"length":2193,"function_hash":"140118185031147262802754739786142862484"},"signature_type":"Function","target":{"function":"doTest","file":"prov/src/test/java/org/bouncycastle/jce/provider/test/DHIESTest.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-e17c2391","deprecated":false,"digest":{"length":1844,"function_hash":"276611188113432688644734577460184145416"},"signature_type":"Function","target":{"function":"engineDoFinal","file":"prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-e1d26986","deprecated":false,"digest":{"length":330,"function_hash":"251689136952030208781600165520003599649"},"signature_type":"Function","target":{"function":"getOutput","file":"prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-e6278a9e","deprecated":false,"digest":{"length":2395,"function_hash":"56844928725221502314709720318495311403"},"signature_type":"Function","target":{"function":"decryptBlock","file":"core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-ef7a1bed","deprecated":false,"digest":{"line_hashes":["106553318140571015030369342386114195205","321700837721083068679241337587510366552","194927096250702901968581347171630401887","336501805394824774452202121353260409290","164122908957551891829280440650956902217","5365219131925419911924139518069086668"],"threshold":0.9},"signature_type":"Line","target":{"file":"prov/src/test/java/org/bouncycastle/jce/provider/test/ECIESTest.java"}},{"source":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","signature_version":"v1","id":"CVE-2016-1000345-f18fdfc7","deprecated":false,"digest":{"line_hashes":["117156778294805355372990168580555487373","57634547334449502833002644437908286369","125211612767327776522542551602816523662","270647614890504322549047003157980368283","108091918453620955508796412346085011476","16206430862202479163469620850912983262","92322523150649324961125601007102148471","311052508947229842446104995077956063146","76996426437389174060864800108914609078","166047082815084493065887684215548931860","108091918453620955508796412346085011476","16206430862202479163469620850912983262","92322523150649324961125601007102148471","324033912280635039277495668616057300842","168158200681690004389575701854465484737","138557350505491822280647072120731655818","269107568148865735204505861242477462061","92322523150649324961125601007102148471","179760790584636649966758999776519408882"],"threshold":0.9},"signature_type":"Line","target":{"file":"prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures_modified":"2026-04-11T03:36:40Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}