CVE-2016-1000338
CVSS v3.1
7.5 (High)
CVSS v2.0
5 (Medium)
EPSS
0.56 % (78th)
Affected Products
5
Advisories
2
NVD Status
Analyzed
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
Weaknesses
- CWE-347
- Improper Verification of Cryptographic Signature
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- MITRE
- Published Date
-
2018-06-01 20:29:00
(6 years ago) - Updated Date
-
2024-08-29 11:09:05
(2 weeks ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...