CVE-2016-1000342
N/A
N/A
Summary
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
- https://access.redhat.com/errata/RHSA-2018:2669
- https://usn.ubuntu.com/3727-1/
- https://access.redhat.com/errata/RHSA-2018:2927
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://security.netapp.com/advisory/ntap-20181127-0004/
- https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
References
- https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
- https://access.redhat.com/errata/RHSA-2018:2669
- https://usn.ubuntu.com/3727-1/
- https://access.redhat.com/errata/RHSA-2018:2927
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://security.netapp.com/advisory/ntap-20181127-0004/
- https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.