GHSA-wjxj-5m7g-mg7q

Source

https://github.com/advisories/GHSA-wjxj-5m7g-mg7q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-wjxj-5m7g-mg7q/GHSA-wjxj-5m7g-mg7q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wjxj-5m7g-mg7q

Aliases

Downstream

MINI-mxj5-7g88-hmg8

Related

CGA-hq55-qp37-gwm6

Published

2023-11-23T18:30:33Z

Modified

2024-10-22T05:28:59.117892Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Bouncy Castle Denial of Service (DoS)

Details

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

Database specific

{
    "severity": "MODERATE",
    "nvd_published_at": "2023-11-23T16:15:07Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed_at": "2023-11-24T16:54:01Z",
    "github_reviewed": true
}

References

Affected packages

Maven

org.bouncycastle:bcprov-ext-jdk16

Package

Name: org.bouncycastle:bcprov-ext-jdk16; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-ext-jdk16

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.45

1.46

org.bouncycastle:bcprov-jdk14

Package

Name: org.bouncycastle:bcprov-jdk14; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-jdk14

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.38

1.43

1.44

1.45

1.46

1.47

1.48

1.49

1.50

1.51

1.53

1.54

1.55

1.56

1.57

1.58

1.59

1.60

1.61

1.62

1.63

1.64

1.65

1.67

1.68

1.69

1.70

1.71

1.72

org.bouncycastle:bcprov-jdk15

Package

Name: org.bouncycastle:bcprov-jdk15; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-jdk15

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.32

1.38

1.40

1.43

1.44

1.45

1.46

org.bouncycastle:bcprov-jdk15to18

Package

Name: org.bouncycastle:bcprov-jdk15to18; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-jdk15to18

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.63

1.64

1.65

1.66

1.67

1.68

1.69

1.70

1.71

1.72

org.bouncycastle:bcprov-jdk16

Package

Name: org.bouncycastle:bcprov-jdk16; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-jdk16

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.38

1.40

1.43

1.44

1.45

1.46

org.bouncycastle:bcprov-jdk15on

Package

Name: org.bouncycastle:bcprov-jdk15on; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-jdk15on

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.46

1.47

1.48

1.49

1.50

1.51

1.52

1.53

1.54

1.55

1.56

1.57

1.58

1.59

1.60

1.61

1.62

1.63

1.64

1.65

1.65.01

1.66

1.67

1.68

1.69

1.70

Database specific

last_known_affected_version_range

"< 1.70"

org.bouncycastle:bcpkix-jdk18on

Package

Name: org.bouncycastle:bcpkix-jdk18on; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcpkix-jdk18on

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.71

1.71.1

1.72

org.bouncycastle:bcprov-ext-jdk15on

Package

Name: org.bouncycastle:bcprov-ext-jdk15on; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-ext-jdk15on

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.46

1.47

1.48

1.49

1.50

1.51

1.52

1.53

1.54

1.55

1.56

1.57

1.58

1.59

1.60

1.61

1.62

1.63

1.64

1.65

1.66

1.67

1.68

1.69

1.70

org.bouncycastle:bcprov-jdk18on

Package

Name: org.bouncycastle:bcprov-jdk18on; View open source insights on deps.dev
Purl: pkg:maven/org.bouncycastle/bcprov-jdk18on

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.73

Affected versions

1.*

1.71

1.71.1

1.72