Description
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
Remediation
References
https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
https://usn.ubuntu.com/3727-1/
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2927
https://www.oracle.com/security-alerts/cpuoct2020.html
https://security.netapp.com/advisory/ntap-20231006-0011/
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
Related Vulnerabilities
CVE-2020-7733 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js
CVE-2021-33623 Vulnerability in npm package trim-newlines
CVE-2016-1000282 Vulnerability in npm package haraka
CVE-2021-27185 Vulnerability in npm package samba-client
CVE-2022-22947 Vulnerability in maven package org.springframework.cloud:spring-cloud-gateway