CVE-2023-33201

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33201

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33201.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33201

Aliases

Related

Published

2023-07-05T03:15:09Z

Modified

2024-10-22T05:28:49.779895Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

References

Affected packages

Debian:11 / bouncycastle

Package

Name: bouncycastle
Purl: pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.68-2

1.68-3

1.68-4

1.68-5

1.69-1

1.71-1

1.72-1

1.72-2

1.77-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bouncycastle

Package

Name: bouncycastle
Purl: pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.72-2

1.77-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bouncycastle

Package

Name: bouncycastle
Purl: pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.77-1

Affected versions

1.*

1.72-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bcgit/bc-java

Affected ranges

Type: GIT
Repo: https://github.com/bcgit/bc-java
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e8c409a8389c815ea3fda5e8b94c92fdfe583bcc

Affected versions

Other

r1rv49

r1rv50

r1rv51

r1rv52

r1rv53

r1rv54

r1rv55

r1rv56

r1rv57

r1rv58

r1rv59

r1rv60

r1rv61

r1rv62

r1rv63

r1rv64

r1rv65

r1rv66

r1rv67

r1rv68

r1rv69

r1rv70

r1rv71

r1rv73