Description

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

Remediation

References

CVE-2019-17359

Related Vulnerabilities

Atlassian Jira Other Vulnerability (CVE-2006-3339)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11111)

WordPress 3.6 Multiple Vulnerabilities (2.0 - 3.6)

Nginx Uncontrolled Resource Consumption Vulnerability (CVE-2018-16843)

WordPress Plugin Greenshift-animation and page builder blocks Cross-Site Scripting (4.8.8)

Severity

High

Classification

CVE-2019-17359 CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities