exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2016-1000338

больше 7 лет назад

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-1000338

больше 9 лет назад

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

CVSS3: 4.8

EPSS: Низкий

CVE-2016-1000338

больше 7 лет назад

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-1000338

больше 7 лет назад

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does no ...

CVSS3: 7.5

EPSS: Низкий

GHSA-4vhj-98r6-424h

больше 7 лет назад

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate

CVSS3: 7.5

EPSS: Низкий

openSUSE-SU-2018:1689-1

больше 7 лет назад

Security update for bouncycastle

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2016-1000338 In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.	CVSS3: 7.5	0% Низкий	больше 7 лет назад
CVE-2016-1000338 In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.	CVSS3: 4.8	0% Низкий	больше 9 лет назад
CVE-2016-1000338 In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.	CVSS3: 7.5	0% Низкий	больше 7 лет назад
CVE-2016-1000338 In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does no ...	CVSS3: 7.5	0% Низкий	больше 7 лет назад
GHSA-4vhj-98r6-424h In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate	CVSS3: 7.5	0% Низкий	больше 7 лет назад
openSUSE-SU-2018:1689-1 Security update for bouncycastle			больше 7 лет назад

Уязвимостей на страницу