GHSA-wjxj-5m7g-mg7q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wjxj-5m7g-mg7q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-wjxj-5m7g-mg7q/GHSA-wjxj-5m7g-mg7q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wjxj-5m7g-mg7q
- Aliases
- Related
- Published
- 2023-11-23T18:30:33Z
- Modified
- 2024-10-22T05:28:59.117892Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Bouncy Castle Denial of Service (DoS)
- Details
-
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.
- Database specific
{ "nvd_published_at": "2023-11-23T16:15:07Z", "cwe_ids": [ "CWE-400" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-11-24T16:54:01Z" }- References
Affected packages
Maven / org.bouncycastle:bcprov-ext-jdk16
Package
- Name
- org.bouncycastle:bcprov-ext-jdk16
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-ext-jdk16
Maven / org.bouncycastle:bcprov-jdk14
Package
- Name
- org.bouncycastle:bcprov-jdk14
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk14
Maven / org.bouncycastle:bcprov-jdk15
Package
- Name
- org.bouncycastle:bcprov-jdk15
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk15
Maven / org.bouncycastle:bcprov-jdk15to18
Package
- Name
- org.bouncycastle:bcprov-jdk15to18
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk15to18
Maven / org.bouncycastle:bcprov-jdk16
Package
- Name
- org.bouncycastle:bcprov-jdk16
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk16
Maven / org.bouncycastle:bcprov-jdk15on
Package
- Name
- org.bouncycastle:bcprov-jdk15on
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk15on
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Maven / org.bouncycastle:bcpkix-jdk18on
Package
- Name
- org.bouncycastle:bcpkix-jdk18on
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcpkix-jdk18on
Maven / org.bouncycastle:bcprov-ext-jdk15on
Package
- Name
- org.bouncycastle:bcprov-ext-jdk15on
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-ext-jdk15on
Maven / org.bouncycastle:bcprov-jdk18on
Package
- Name
- org.bouncycastle:bcprov-jdk18on
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk18on