VYPR
Moderate severityNVD Advisory· Published Nov 23, 2023· Updated Aug 18, 2025

CVE-2023-33202

CVE-2023-33202

Description

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bcprov-ext-jdk16Maven
< 1.731.73
org.bouncycastle:bcprov-jdk14Maven
< 1.731.73
org.bouncycastle:bcprov-jdk15Maven
< 1.731.73
org.bouncycastle:bcprov-jdk15to18Maven
< 1.731.73
org.bouncycastle:bcprov-jdk16Maven
< 1.731.73
org.bouncycastle:bcprov-jdk15onMaven
>= 0
org.bouncycastle:bcpkix-jdk18onMaven
< 1.731.73
org.bouncycastle:bcprov-ext-jdk15onMaven
< 1.731.73
org.bouncycastle:bcprov-jdk18onMaven
< 1.731.73

Affected products

12

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.