PT-2019-4597 · Bouncy Castle · Bouncy Castle Crypto

Published

2019-10-08

Updated

2024-06-15

CVE-2019-17359

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Bouncy Castle Crypto versions 1.63

Description The issue is related to the ASN.1 parser, which can trigger a large attempted memory allocation, resulting in an OutOfMemoryError, via crafted ASN.1 data. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Bouncy Castle Crypto version 1.63, update to version 1.64 to resolve the issue.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2020-00689

CVE-2019-17359

GHSA-2MH8-GX2M-MR75

OPENSUSE-SU-2024:10661-1

Affected Products

Bouncy Castle Crypto

PT-2019-4597 · Bouncy Castle · Bouncy Castle Crypto

CVE-2019-17359

Weakness Enumeration

Related Identifiers

Affected Products

References · 47