PT-2019-4597 · Bouncy Castle · Bouncy Castle Crypto

Publicado

2019-10-08

Atualizado

2024-06-15

CVE-2019-17359

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Bouncy Castle Crypto versions 1.63

Description The issue is related to the ASN.1 parser, which can trigger a large attempted memory allocation, resulting in an OutOfMemoryError, via crafted ASN.1 data. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Bouncy Castle Crypto version 1.63, update to version 1.64 to resolve the issue.

Correção

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

BDU:2020-00689

CVE-2019-17359

GHSA-2MH8-GX2M-MR75

OPENSUSE-SU-2024:10661-1

Produtos afetados

Bouncy Castle Crypto

PT-2019-4597 · Bouncy Castle · Bouncy Castle Crypto

CVE-2019-17359

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 47