Description

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2018:2927

https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html

https://security.netapp.com/advisory/ntap-20231006-0011/

https://usn.ubuntu.com/3727-1/

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2022-24847 Vulnerability in maven package org.geoserver.community:gs-jdbcconfig

CVE-2019-10397 Vulnerability in maven package org.jenkins-ci.plugins:aqua-serverless

CVE-2022-23457 Vulnerability in maven package org.owasp.esapi:esapi

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets

CVE-2019-19771 Vulnerability in npm package wallet-address-validtaor

Severity

High

Classification

CWE-347 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory Patch Mailing List