CVE-2019-17359

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-17359

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17359.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-17359

Aliases

GHSA-2mh8-gx2m-mr75

Related

openSUSE-SU-2024:10661-1

Published

2019-10-08T14:15:10Z

Modified

2024-09-03T02:29:18.236061Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

References

Affected packages

Git / github.com/apache/tomee

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomee
Events: Last affected

24420829cd7de768df247fa7b3c8ae62c13a68e2

Last affected

38d3d3041e8489c312ffaa9fa6c694e072b444e8

Last affected

4ec1e7e4017fceb7b40b582ad6897a49b84e7643

Introduced

20441ebda4f7afaa606f48b00fb5eb28053b69f1

Last affected

e9e6e96bf8e3d1e0ddcae4fc84b07f0914867b59

Type: GIT
Repo: https://github.com/bcgit/bc-java
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4703c1df0c7766526b08968e445bcae26622cee2

Affected versions

Other

r1rv49

r1rv50

r1rv51

r1rv52

r1rv53

r1rv54

r1rv55

r1rv56

r1rv57

r1rv58

r1rv59

r1rv60

r1rv61

r1rv62

r1rv63

tomee-8.*

tomee-8.0.6