IAIK Java Group Information for VU#845620

Multiple RSA implementations fail to properly handle signatures

Status

Affected

Vendor Statement

Current versions of IAIK-JCE (3.142) and IAIK-JCE ME (3.04) are not vulnerable. IAIK-JCE versions 3.14 and earlier and IAIK-JCE ME versions 3.03 and earlier are vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.