Bouncy Castle Java DoS via PEMParser (v<1.73)
CVE-2023-33202 Published on November 23, 2023

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

NVD



Exploit Probability

EPSS: 0.14%
Percentile: 34.36%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.