exploitDog

GHSA-wjxj-5m7g-mg7q

Опубликовано: 23 нояб. 2023

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

Bouncy Castle Denial of Service (DoS)

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

Ссылки

Пакеты

Наименование

org.bouncycastle:bcprov-ext-jdk16

maven

Затронутые версииВерсия исправления

< 1.73

1.73

Наименование

org.bouncycastle:bcprov-jdk14

maven

Затронутые версииВерсия исправления

< 1.73

1.73

Наименование

org.bouncycastle:bcprov-jdk15

maven

Затронутые версииВерсия исправления

< 1.73

1.73

Наименование

org.bouncycastle:bcprov-jdk15to18

maven

Затронутые версииВерсия исправления

< 1.73

1.73

Наименование

org.bouncycastle:bcprov-jdk16

maven

Затронутые версииВерсия исправления

< 1.73

1.73

Наименование

org.bouncycastle:bcprov-jdk15on

maven

Затронутые версииВерсия исправления

Отсутствует

Наименование

org.bouncycastle:bcpkix-jdk18on

maven

Затронутые версииВерсия исправления

< 1.73

1.73

Наименование

org.bouncycastle:bcprov-ext-jdk15on

maven

Затронутые версииВерсия исправления

< 1.73

1.73

Наименование

org.bouncycastle:bcprov-jdk18on

maven

Затронутые версииВерсия исправления

< 1.73

1.73

EPSS

Процентиль: 37%

0.00159

Низкий

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-400

Связанные уязвимости

CVE-2023-33202

CVSS3: 5.5

ubuntu

около 2 лет назад

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

CVE-2023-33202

CVSS3: 5.5

redhat

около 2 лет назад

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

CVE-2023-33202

CVSS3: 5.5

nvd

около 2 лет назад

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

CVE-2023-33202

CVSS3: 5.5

debian

около 2 лет назад

Bouncy Castle for Java before 1.73 contains a potential Denial of Serv ...

BDU:2023-08233

CVSS3: 3.5

fstec

около 2 лет назад

Уязвимость средства криптографической защиты Bouncy Castle, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 37%

0.00159

Низкий

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-400