High severity7.5NVD Advisory· Published Jun 1, 2018· Updated Jun 17, 2026
CVE-2016-1000338
CVE-2016-1000338
Description
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-jdk14Maven | >= 1.38, < 1.56 | 1.56 |
org.bouncycastle:bcprov-jdk15Maven | >= 1.38, < 1.56 | 1.56 |
org.bouncycastle:bcprov-jdk15onMaven | >= 1.38, < 1.56 | 1.56 |
Affected products
4- ghsa-coords4 versionspkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15pkg:maven/org.bouncycastle/bcprov-jdk15onpkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed
>= 1.38, < 1.56+ 3 more
- (no CPE)range: >= 1.38, < 1.56
- (no CPE)range: >= 1.38, < 1.56
- (no CPE)range: >= 1.38, < 1.56
- (no CPE)range: < 1.68-3.2
Patches
Vulnerability mechanics
References
13- github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7fnvdPatchThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2669nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2927nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-4vhj-98r6-424hghsaADVISORY
- lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3EnvdThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2018/07/msg00009.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-1000338ghsaADVISORY
- security.netapp.com/advisory/ntap-20231006-0011/nvdThird Party Advisory
- usn.ubuntu.com/3727-1/nvdThird Party Advisory
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdThird Party AdvisoryWEB
- lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3EghsaWEB
- security.netapp.com/advisory/ntap-20231006-0011ghsaWEB
- usn.ubuntu.com/3727-1ghsaWEB
News mentions
0No linked articles in our index yet.