Lucene search
PRIOn knowledge basePRION:CVE-2023-33202HistoryNov 23, 2023 - 4:15 p.m.
Design/Logic Flaw
2023-11-2316:15:00
PRIOn knowledge base
www.prio-n.com
5
bouncy castle
java
dos
vulnerability
pemparser
outofmemoryerror
asn.1
denial of service
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
| CPE | Name | Operator | Version |
|---|---|---|---|
| bouncy_castle_for_java | lt | 1.73 |
Related
debiancve
debiancve
CVE-2023-33202
2023-11-23 16:15:07
osv
osv
CVE-2023-33202
2023-11-23 16:15:07
Bouncy Castle Denial of Service (DoS)
2023-11-23 18:30:33
veracode
veracode
Denial Of Service (DoS)
2023-11-27 07:58:36
cvelist
cvelist
CVE-2023-33202
2023-11-23 00:00:00
github
github
Bouncy Castle Denial of Service (DoS)
2023-11-23 18:30:33
cgr
cgr
CVE-2023-33202 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-33202 vulnerabilities
2024-06-28 21:08:33
redhatcve
redhatcve
CVE-2023-33202
2023-11-23 20:49:53
ibm
ibm
ubuntucve
ubuntucve
CVE-2023-33202
2023-11-23 00:00:00
nvd
nvd
CVE-2023-33202
2023-11-23 16:15:07
nessus
nessus
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2024-479)
2024-01-08 00:00:00
Oracle WebLogic Server (April 2024 CPU)
2024-04-17 00:00:00
cve
cve
CVE-2023-33202
2023-11-23 16:15:07
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00