ALAS2023-2024-479 --- bouncycastle
ID: oval:org.secpod.oval:def:19500555 | Date: (C)2024-02-13 (M)2024-02-13 |
Class: PATCH | Family: unix |
Bouncy Castle for Java before 1.73 contains a potential Denial of Service issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.
Platform: Amazon Linux 2023 |