CVE-2023-33202

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33202
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33202.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33202
Aliases
Related
Published
2023-11-23T16:15:07Z
Modified
2024-10-22T05:28:59.117892Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

References

Affected packages

Debian:11 / bouncycastle

Package

Name
bouncycastle
Purl
pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.68-2
1.68-3
1.68-4
1.68-5
1.69-1
1.71-1
1.72-1
1.72-2
1.77-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bouncycastle

Package

Name
bouncycastle
Purl
pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.72-2
1.77-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bouncycastle

Package

Name
bouncycastle
Purl
pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.77-1

Affected versions

1.*

1.72-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

r1rv49
r1rv50
r1rv51
r1rv52
r1rv53
r1rv54
r1rv55
r1rv56
r1rv57
r1rv58
r1rv59
r1rv60
r1rv61
r1rv62
r1rv63
r1rv64
r1rv65
r1rv66
r1rv67
r1rv68
r1rv69
r1rv70
r1rv71