Medium severity5.5NVD Advisory· Published Nov 23, 2023· Updated Jun 17, 2026
CVE-2023-33202
CVE-2023-33202
Description
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-ext-jdk16Maven | < 1.73 | 1.73 |
org.bouncycastle:bcprov-jdk14Maven | < 1.73 | 1.73 |
org.bouncycastle:bcprov-jdk15Maven | < 1.73 | 1.73 |
org.bouncycastle:bcprov-jdk15to18Maven | < 1.73 | 1.73 |
org.bouncycastle:bcprov-jdk16Maven | < 1.73 | 1.73 |
org.bouncycastle:bcprov-jdk15onMaven | >= 0 | — |
org.bouncycastle:bcpkix-jdk18onMaven | < 1.73 | 1.73 |
org.bouncycastle:bcprov-ext-jdk15onMaven | < 1.73 | 1.73 |
org.bouncycastle:bcprov-jdk18onMaven | < 1.73 | 1.73 |
Affected products
12- Bouncy Castle/Bouncy Castle for Javadescription
- osv-coords11 versionspkg:apk/chainguard/gradle-8pkg:apk/wolfi/gradle-8pkg:maven/org.bouncycastle/bcpkix-jdk18onpkg:maven/org.bouncycastle/bcprov-ext-jdk15onpkg:maven/org.bouncycastle/bcprov-ext-jdk16pkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15pkg:maven/org.bouncycastle/bcprov-jdk15onpkg:maven/org.bouncycastle/bcprov-jdk15to18pkg:maven/org.bouncycastle/bcprov-jdk16pkg:maven/org.bouncycastle/bcprov-jdk18on
< 8.7.0-r1+ 10 more
- (no CPE)range: < 8.7.0-r1
- (no CPE)range: < 8.7.0-r1
- (no CPE)range: < 1.73
- (no CPE)range: < 1.73
- (no CPE)range: < 1.73
- (no CPE)range: < 1.73
- (no CPE)range: < 1.73
- (no CPE)range: >= 0
- (no CPE)range: < 1.73
- (no CPE)range: < 1.73
- (no CPE)range: < 1.73
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-wjxj-5m7g-mg7qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-33202ghsaADVISORY
- security.netapp.com/advisory/ntap-20240125-0001/nvdThird Party Advisory
- bouncycastle.orgnvdProductWEB
- github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229cghsaWEB
- security.netapp.com/advisory/ntap-20240125-0001ghsaWEB
News mentions
0No linked articles in our index yet.