7.5
CVSSv3

CVE-2019-17359

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.01064 | KEV: Not Included
Published: 08/10/2019 Updated: 21/11/2024

Vulnerability Summary

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.63

apache tomee 7.0.7

apache tomee 7.1.2

apache tomee 8.0.1

netapp active iq unified manager

netapp oncommand api services -

netapp oncommand workflow automation -

netapp service level manager -

oracle business process management suite 12.2.1.3.0

oracle business process management suite 12.2.1.4.0

oracle communications convergence

oracle communications diameter signaling router

oracle communications session route manager

oracle data integrator 12.2.1.4.0

oracle financial services analytical applications infrastructure

oracle flexcube private banking 12.0.0

oracle flexcube private banking 12.1.0

oracle hospitality guest access 4.2.0

oracle managed file transfer 12.2.1.3.0

oracle managed file transfer 12.2.1.4.0

oracle peoplesoft enterprise hcm global payroll switzerland 9.2

oracle peoplesoft enterprise peopletools 8.56

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle retail xstore point of service 18.0.1

oracle soa suite 12.2.1.3.0

oracle soa suite 12.2.1.4.0

oracle webcenter portal 11.1.1.9.0

oracle webcenter portal 12.2.1.3.0

oracle webcenter portal 12.2.1.4.0

oracle weblogic server 12.2.1.3.0

oracle weblogic server 12.2.1.4.0

References

CWE-770https://nvd.nist.govhttps://www.first.org/epsshttps://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20191024-0006/https://www.bouncycastle.org/latest_releases.htmlhttps://www.bouncycastle.org/releasenotes.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20191024-0006/https://www.bouncycastle.org/latest_releases.htmlhttps://www.bouncycastle.org/releasenotes.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html