CVE-2023-33202

ADVISORY - github

Summary

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

EPSS Score⁠: 0.00059 (0.184)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400⁠

Uncontrolled Resource Consumption

ADVISORY - github

CWE-400⁠

Uncontrolled Resource Consumption

ADVISORY - redhat

CWE-400⁠

Uncontrolled Resource Consumption

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.