In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of ‘invisible’ data into a signed structure.
access.redhat.com/errata/RHSA-2018:2669
access.redhat.com/errata/RHSA-2018:2927
github.com/advisories/GHSA-4vhj-98r6-424h
github.com/bcgit/bc-java
github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
lists.debian.org/debian-lts-announce/2018/07/msg00009.html
nvd.nist.gov/vuln/detail/CVE-2016-1000338
security.netapp.com/advisory/ntap-20231006-0011
usn.ubuntu.com/3727-1
www.oracle.com/security-alerts/cpuoct2020.html