CVE-2019-17359

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17359
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17359.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17359
Aliases
Downstream
Related
Published
2019-10-08T14:15:10.573Z
Modified
2025-12-08T23:49:44.738153Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

References

Affected packages

Git / github.com/apache/tomee

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomee
Events
Last affected
24420829cd7de768df247fa7b3c8ae62c13a68e2
Last affected
38d3d3041e8489c312ffaa9fa6c694e072b444e8
Last affected
4ec1e7e4017fceb7b40b582ad6897a49b84e7643
Introduced
20441ebda4f7afaa606f48b00fb5eb28053b69f1
Last affected
e9e6e96bf8e3d1e0ddcae4fc84b07f0914867b59

Affected versions

tomee-8.*

tomee-8.0.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17359.json"

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c04b44271fa776c229f7085373897714ae4e71d7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17359.json"