CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.7%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2023-33202

Bouncycastle » Bouncy Castle For Java » Version: Any

cpe:2.3:a:bouncycastle:bouncy_castle_for_java:*
Bouncycastle » Fips Java Api » Version: N/A

cpe:2.3:a:bouncycastle:fips_java_api:-
Bouncycastle » Fips Java Api » Version: 1.0.1

cpe:2.3:a:bouncycastle:fips_java_api:1.0.1
Bouncycastle » Fips Java Api » Version: 1.0.2

cpe:2.3:a:bouncycastle:fips_java_api:1.0.2
Bouncycastle » Fips Java Api » Version: 1.0.2.3

cpe:2.3:a:bouncycastle:fips_java_api:1.0.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33202

Products

Pricing

Contact Us