From d2482363d0e9237c9aa070d5a47f19b9a0f06539 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 1 Jun 2018 16:04:03 -0400 Subject: [PATCH] - Synchronized data. --- 2016/1000xxx/CVE-2016-1000338.json | 114 +++++++++++++++-------------- 2018/11xxx/CVE-2018-11672.json | 18 +++++ 2 files changed, 76 insertions(+), 56 deletions(-) create mode 100644 2018/11xxx/CVE-2018-11672.json diff --git a/2016/1000xxx/CVE-2016-1000338.json b/2016/1000xxx/CVE-2016-1000338.json index 9c6c7337c7f..021b7a618b8 100644 --- a/2016/1000xxx/CVE-2016-1000338.json +++ b/2016/1000xxx/CVE-2016-1000338.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "dgh@bouncycastle.org", - "ID": "CVE-2016-1000338", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "The Legion of the Bouncy Castle Inc.", - "product": { - "product_data": [ - { - "product_name": "Bouncy Castle JCE Provider", - "version": { - "version_data": [ - { - "version_value": "1.55 and before" - } + "CVE_data_meta" : { + "ASSIGNER" : "dgh@bouncycastle.org", + "ID" : "CVE-2016-1000338", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Bouncy Castle JCE Provider", + "version" : { + "version_data" : [ + { + "version_value" : "1.55 and before" + } + ] + } + } ] - } - } - ] - } - } + }, + "vendor_name" : "The Legion of the Bouncy Castle Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure." + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-461: Data Processing Errors" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure." - } - ] - } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-461: Data Processing Errors" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0", + "refsource" : "CONFIRM", + "url" : "https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0" + } + ] + } } diff --git a/2018/11xxx/CVE-2018-11672.json b/2018/11xxx/CVE-2018-11672.json new file mode 100644 index 00000000000..749df338905 --- /dev/null +++ b/2018/11xxx/CVE-2018-11672.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-11672", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}