CVE-2019-17359

Source
https://cve.org/CVERecord?id=CVE-2019-17359
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17359.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17359
Aliases
Downstream
Related
Published
2019-10-08T14:15:10.573Z
Modified
2026-07-08T05:56:27.107915677Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "7.3"
                },
                {
                    "introduced": "7.3"
                },
                {
                    "introduced": "9.5"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "netapp:active_iq_unified_manager",
            "cpes": [
                "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
                "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
                "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "3.0.1.0"
                },
                {
                    "last_affected": "3.0.2.1"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:communications_convergence",
            "cpes": [
                "cpe:2.3:a:oracle:communications_convergence:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.2.2"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:communications_diameter_signaling_router",
            "cpes": [
                "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.2.0"
                },
                {
                    "last_affected": "8.2.2"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:communications_session_route_manager",
            "cpes": [
                "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.0.6"
                },
                {
                    "last_affected": "8.0.9"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:financial_services_analytical_applications_infrastructure",
            "cpes": [
                "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:business_process_management_suite",
            "cpes": [
                "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:data_integrator",
            "extracted_events": [
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.0.0"
                },
                {
                    "last_affected": "12.0.0"
                },
                {
                    "introduced": "12.1.0"
                },
                {
                    "last_affected": "12.1.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:flexcube_private_banking",
            "cpes": [
                "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "4.2.0"
                },
                {
                    "last_affected": "4.2.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:hospitality_guest_access",
            "cpes": [
                "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:managed_file_transfer",
            "cpes": [
                "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "9.2"
                },
                {
                    "last_affected": "9.2"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland",
            "cpes": [
                "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland:9.2:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.56"
                },
                {
                    "last_affected": "8.56"
                },
                {
                    "introduced": "8.57"
                },
                {
                    "last_affected": "8.57"
                },
                {
                    "introduced": "8.58"
                },
                {
                    "last_affected": "8.58"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:peoplesoft_enterprise_peopletools",
            "cpes": [
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*"
            ]
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.1:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:retail_xstore_point_of_service",
            "extracted_events": [
                {
                    "introduced": "18.0.1"
                },
                {
                    "last_affected": "18.0.1"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:soa_suite",
            "cpes": [
                "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "11.1.1.9.0"
                },
                {
                    "last_affected": "11.1.1.9.0"
                },
                {
                    "introduced": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:webcenter_portal",
            "cpes": [
                "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:weblogic_server",
            "extracted_events": [
                {
                    "introduced": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/apache/tomee

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomee
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomee:7.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomee:8.0.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "7.0.7"
        },
        {
            "last_affected": "7.0.7"
        },
        {
            "introduced": "7.1.2"
        },
        {
            "last_affected": "7.1.2"
        },
        {
            "introduced": "8.0.1"
        },
        {
            "last_affected": "8.0.1"
        }
    ]
}

Affected versions

7.*
7.0.7
7.1.2
8.*
8.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17359.json"

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:bouncycastle:bc-java:1.63:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.63"
        },
        {
            "last_affected": "1.63"
        }
    ]
}

Affected versions

1.*
1.63
Other
r1rv63

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17359.json"