Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Bouncycastle fips Java Api
CPEs cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*
Vendors & Products Bouncycastle fips Java Api

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-23T00:00:00

Updated: 2024-10-11T18:05:47.384Z

Reserved: 2023-05-18T00:00:00

Link: CVE-2023-33202

cve-icon Vulnrichment

Updated: 2024-08-02T15:39:35.778Z

cve-icon NVD

Status : Modified

Published: 2023-11-23T16:15:07.273

Modified: 2024-11-21T08:05:07.057

Link: CVE-2023-33202

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-23T00:00:00Z

Links: CVE-2023-33202 - Bugzilla