Description
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
Remediation
References
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2927
https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
https://security.netapp.com/advisory/ntap-20231006-0011/
https://usn.ubuntu.com/3727-1/
https://www.oracle.com/security-alerts/cpuoct2020.html
Related Vulnerabilities
CVE-2017-2612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-5483 Vulnerability in npm package seneca
CVE-2016-10692 Vulnerability in npm package haxeshim
CVE-2019-10219 Vulnerability in maven package org.hibernate.validator:hibernate-validator
CVE-2019-15477 Vulnerability in maven package org.jooby:jooby