cve/CVE-2016-1000342.md at 694ac234a19db48cd3b1f78eb5f461ab1f6c99f7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

POC

Reference

https://www.oracle.com/security-alerts/cpuoct2020.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Anonymous-Phunter/PHunter
https://github.com/CGCL-codes/PHunter
https://github.com/IkerSaint/VULNAPP-vulnerable-app
https://github.com/LibHunter/LibHunter
https://github.com/pctF/vulnerable-app

1.0 KiB Raw Blame History

CVE-2016-1000342

Description

POC

Reference

Github

1.0 KiB

Raw Blame History