CVE-2016-1000342
Cryptographic Issue vulnerability in bcprov-jdk14 (Maven)
What is CVE-2016-1000342 About?
This cryptographic vulnerability in Bouncy Castle JCE Provider versions 1.55 and earlier impacts ECDSA signature verification. It allows extra elements in the ASN.1 signature sequence to pass validation, enabling the injection of 'invisible' data into signed structures. This can compromise the integrity and trustworthiness of signed data.
Affected Software
- org.bouncycastle:bcprov-jdk14: <1.56
- org.bouncycastle:bcprov-jdk15: <1.56
- org.bouncycastle:bcprov-jdk15on: <1.56
Technical Details
The Bouncy Castle JCE Provider in versions 1.55 and prior contains a flaw in how its Elliptic Curve Digital Signature Algorithm (ECDSA) implementation verifies signatures: validation of the signature's ASN.1 (Abstract Syntax Notation One) encoding is incomplete. An attacker can craft an ECDSA signature that includes extra, non-standard, or malformed elements within the ASN.1 sequence that constitutes the signature, and because of the insufficient validation the Bouncy Castle verifier still considers the modified signature valid.
This allows an attacker to embed 'invisible' data into the signed structure, compromising the integrity of the signed message without invalidating the signature itself. The signature appears authentic, yet the underlying data has been tampered with or extended in a way that the faulty verification process does not notice. This could lead to a 'semantic mismatch' between what is believed to be signed and what actually is.
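A strict structural check of the kind the verifier was missing, written as an added example in plain Java (not Bouncy Castle code and not taken from the fix): it accepts only SEQUENCE { INTEGER r, INTEGER s } in DER and rejects anything extra. The class name, method names and sample bytes are constructed for illustration, and it assumes signatures shorter than 256 bytes.

```java
import java.math.BigInteger;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
// Added example, not Bouncy Castle code. Accepts only DER SEQUENCE { INTEGER r, INTEGER s }.
public final class StrictEcdsaSig {
    /** Returns {r, s}; throws IllegalArgumentException on any deviation from strict DER. */
    public static BigInteger[] parse(byte[] sig) {
        try {
            ByteBuffer in = ByteBuffer.wrap(sig);
            require(in.get() == 0x30, "outer tag is not SEQUENCE");
            require(readLength(in) == in.remaining(), "SEQUENCE length does not match input");
            BigInteger r = readPositiveInteger(in);
            BigInteger s = readPositiveInteger(in);
            require(!in.hasRemaining(), "extra element after s");
            return new BigInteger[] { r, s };
        } catch (BufferUnderflowException e) {
            throw new IllegalArgumentException("truncated signature", e);
        }
    }
    private static int readLength(ByteBuffer in) {
        int first = in.get() & 0xff;
        if (first < 0x80) return first;                    // short form
        require(first == 0x81, "unsupported length form"); // assumption: signature < 256 bytes
        int len = in.get() & 0xff;
        require(len >= 0x80, "non-minimal length encoding");
        return len;
    }
    private static BigInteger readPositiveInteger(ByteBuffer in) {
        require(in.get() == 0x02, "element is not INTEGER");
        byte[] v = new byte[readLength(in)];
        require(v.length > 0, "empty INTEGER");
        in.get(v);                                         // underflow here means truncated input
        require(v.length == 1 || v[0] != 0 || v[1] < 0, "redundant leading zero in INTEGER");
        BigInteger x = new BigInteger(v);
        require(x.signum() > 0, "r and s must be positive");
        return x;
    }
    private static void require(boolean ok, String why) {
        if (!ok) throw new IllegalArgumentException(why);
    }
    public static void main(String[] args) {
        // Constructed encodings (structure only, not real signatures); the second adds a NULL.
        byte[][] samples = {{0x30, 6, 2, 1, 1, 2, 1, 2}, {0x30, 8, 2, 1, 1, 2, 1, 2, 5, 0}};
        for (byte[] sig : samples) {
            try { System.out.println("accepted: r=" + parse(sig)[0]); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

A check like this in front of signature verification only covers the encoding; the range checks on r and s and the signature math stay with the verifier, and upgrading to 1.56 remains the fix.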
What is the Impact of CVE-2016-1000342?
Successful exploitation may allow attackers to tamper with signed data by injecting hidden elements, leading to a compromise of data integrity and the trustworthiness of digital signatures.
What is the Exploitability of CVE-2016-1000342?
Exploitation of this vulnerability requires an attacker to generate a malicious ECDSA signature that includes the extra, unrecognized ASN.1 elements while still being accepted by the vulnerable Bouncy Castle verifier. This is a complex cryptographic attack requiring in-depth knowledge of ECDSA and ASN.1 encoding. No authentication or elevated privileges are required for an attacker to present such a signature to a system using the vulnerable library. The attack can be remote, by transmitting the manipulated signed data. The primary risk factor is the reliance on the vulnerable Bouncy Castle library for integrity checks, particularly in systems where the signed content's exact structure is critical and might be subtly altered by such an attack.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2016-1000342?
Available Upgrade Options
- org.bouncycastle:bcprov-jdk15on: <1.56 → Upgrade to 1.56
- org.bouncycastle:bcprov-jdk14: <1.56 → Upgrade to 1.56
- org.bouncycastle:bcprov-jdk15: <1.56 → Upgrade to 1.56
Additional Resources
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://access.redhat.com/errata/RHSA-2018:2927
- https://github.com/advisories/GHSA-qcj7-g2j5-g7r3
- https://access.redhat.com/errata/RHSA-2018:2669
- https://github.com/bcgit/bc-java
- https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
- https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000342
- https://security.netapp.com/advisory/ntap-20181127-0004/
What are Similar Vulnerabilities to CVE-2016-1000342?
Similar Vulnerabilities: CVE-2015-7940, CVE-2016-1000352, CVE-2017-6427, CVE-2019-3462, CVE-2019-12293
