High severity7.5NVD Advisory· Published Jun 4, 2018· Updated Jun 17, 2026
CVE-2016-1000342
CVE-2016-1000342
Description
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-jdk14Maven | < 1.56 | 1.56 |
org.bouncycastle:bcprov-jdk15Maven | < 1.56 | 1.56 |
org.bouncycastle:bcprov-jdk15onMaven | < 1.56 | 1.56 |
Affected products
4- ghsa-coords4 versionspkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15pkg:maven/org.bouncycastle/bcprov-jdk15onpkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweed
< 1.56+ 3 more
- (no CPE)range: < 1.56
- (no CPE)range: < 1.56
- (no CPE)range: < 1.56
- (no CPE)range: < 1.68-3.2
Patches
Vulnerability mechanics
References
11- github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-qcj7-g2j5-g7r3ghsaADVISORY
- lists.debian.org/debian-lts-announce/2018/07/msg00009.htmlnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-1000342ghsaADVISORY
- access.redhat.com/errata/RHSA-2018:2669nvdWEB
- access.redhat.com/errata/RHSA-2018:2927nvdWEB
- security.netapp.com/advisory/ntap-20181127-0004ghsaWEB
- usn.ubuntu.com/3727-1ghsaWEB
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdWEB
- security.netapp.com/advisory/ntap-20181127-0004/nvd
- usn.ubuntu.com/3727-1/nvd
News mentions
0No linked articles in our index yet.