Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 09 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bouncycastle fips Java Api
|
|
CPEs | cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:* | |
Vendors & Products |
Bouncycastle fips Java Api
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-23T00:00:00
Updated: 2024-10-11T18:05:47.384Z
Reserved: 2023-05-18T00:00:00
Link: CVE-2023-33202
Vulnrichment
Updated: 2024-08-02T15:39:35.778Z
NVD
Status : Modified
Published: 2023-11-23T16:15:07.273
Modified: 2024-11-21T08:05:07.057
Link: CVE-2023-33202
Redhat