CVE-2019-17359

Published: 08/10/2019 Updated: 20/01/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and a resultant OutOfMemoryError, via crafted ASN.1 data. This is fixed in 1.64.

Vulnerable Product

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.63

Vendor Advisories

This interim fix provides instructions on upgrading third-party libraries in IBM Spectrum Conductor 250 in order to address security vulnerabilities CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2019-17359, CVE-2019-8331, CVE-2018-1000632, CVE-2018-10237, CVE-2020-13956, CVE-2020-9488, CVE-2017-18214, CVE-2020-11979, CVE-202 ...
This interim fix provides instructions on upgrading third-party libraries in IBM Spectrum Symphony 731 in order to address security vulnerabilities CVE-2015-6420, CVE-2019-1311, CVE-2015-4852, CVE-2017-15708, CVE-2015-7501, CVE-2017-18214, CVE-2016-1000027, CVE-2019-8331, CVE-2016-7103, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-110 ...

Github Repositories

JQF + Zest: Semantic Fuzzing for Java. JQF is a feedback-directed fuzz testing platform for Java (think: AFL/LibFuzzer but for JVM bytecode). JQF uses the abstraction of property-based testing, which makes it nice to write fuzz drivers as parametric JUnit test methods. JQF is built on top of junit-quickcheck. JQF enables running junit-quickcheck style parameterized unit tests w

caas-spring-boot-starters

SAP CX - CaaS Spring Boot Starters. CaaS Modules: caas-spring-boot-starter-error-handling, caas-spring-boot-starter-logging, caas-spring-boot-starter-kafka, caas-spring-boot-starter-multitenant, caas-spring-boot-starter-security, caas-spring-boot-starter-swagger, caas-spring-boot-starter-web, caas-spring-boot-starter-test, caas-spring-boot-starter-dependencies, caas-spring-boot-starter-

References

CWE-770
https://www.bouncycastle.org/latest_releases.html
https://www.bouncycastle.org/releasenotes.html
https://security.netapp.com/advisory/ntap-20191024-0006/
https://www.oracle.com/security-alerts/cpujan2020.html
https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d@%3Ccommits.tomee.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30@%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0@%3Ccommits.tomee.apache.org%3E
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://nvd.nist.gov
https://github.com/usama54321/jqf
https://github.com/Yangqyloki/caas-spring-boot-starters
https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111516