
CVE-2023-33202

Published: 23/11/2023 Updated: 25/01/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Bouncy Castle for Java prior to 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and previous versions are affected; BC-FJA 1.0.2.4 is fixed.)

Vulnerable Product

bouncycastle bouncy castle for java

Vendor Advisories

Debian Bug report logs - #1056754 bouncycastle: CVE-2023-33202. Package: src:bouncycastle; Maintainer for src:bouncycastle is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 25 Nov 2023 21:45:06 UTC; Severity: important; Tags: secur ...
Description: A flaw was found in Bouncy Castle for Java's pkix module, which is vulnerable to a potential Denial of Service (DoS) issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 ...