Описание
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.57-1 |
| bionic | not-affected | 1.59-1 |
| cosmic | not-affected | 1.60-1 |
| devel | not-affected | 1.60-1 |
| disco | not-affected | 1.60-1 |
| eoan | not-affected | 1.60-1 |
| esm-apps/bionic | not-affected | 1.59-1 |
| esm-apps/focal | not-affected | 1.60-1 |
| esm-apps/jammy | not-affected | 1.60-1 |
| esm-apps/noble | not-affected | 1.60-1 |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does no ...
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
5 Medium
CVSS2
7.5 High
CVSS3