VYPR
← All advisories
Moderate severityNVD Advisory· Published Nov 23, 2023· Updated Aug 18, 2025

CVE-2023-33202

CVE-2023-33202

Description

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Bouncy Castle Java API < 1.73 has a DoS vulnerability in PEMParser where crafted ASN.1 data causes OutOfMemoryError.

Vulnerability

CVE-2023-33202 is a denial-of-service (DoS) vulnerability in the Bouncy Castle Java cryptography library. The bug resides in the org.bouncycastle.openssl.PEMParser class, which parses PEM-encoded streams containing X.509 certificates, PKCS8 keys, and PKCS7 objects. By providing a file with specially crafted ASN.1 data, an attacker can trigger an OutOfMemoryError, crashing the application. The root cause was a missing constraint on the isSorted boolean in the ASN1Set class, leading to uncontrolled memory allocation during DER serialization. A fix removes the isSorted flag and initializes sortedElements directly [1][3].

Exploitation

The attack is network-based and requires no authentication. The attacker sends a malicious PEM file to a service that parses it using the vulnerable PEMParser. The crafted ASN.1 structure exploits the internal sorting mechanism of ASN1Set, causing excessive memory consumption until an OutOfMemoryError occurs. This can be achieved without prior access or credentials [1].

Impact

Successful exploitation leads to a denial of service, making the affected application unresponsive or causing it to terminate. This can disrupt any service that processes PEM-encoded cryptographic objects, such as certificate authorities, TLS libraries, or PKI tools using Bouncy Castle. The vulnerability does not lead to code execution or data leakage but can cause significant availability impact [1].

Mitigation

The official fix is included in Bouncy Castle version 1.73 for the Java API and BC-FJA 1.0.2.4 for the FIPS Java API. Users should upgrade immediately. There are no workarounds reported beyond restricting the parsing of untrusted PEM files at the application level [1][3]. The commit [3] shows the code change that resolves the issue by replacing the isSorted field with direct assignment of sortedElements.

References
  1. NVD - CVE-2023-33202
  2. removed isSorted boolean · bcgit/bc-java@0c57689

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bcprov-ext-jdk16Maven
< 1.731.73
org.bouncycastle:bcprov-jdk14Maven
< 1.731.73
org.bouncycastle:bcprov-jdk15Maven
< 1.731.73
org.bouncycastle:bcprov-jdk15to18Maven
< 1.731.73
org.bouncycastle:bcprov-jdk16Maven
< 1.731.73
org.bouncycastle:bcprov-jdk15onMaven
>= 0
org.bouncycastle:bcpkix-jdk18onMaven
< 1.731.73
org.bouncycastle:bcprov-ext-jdk15onMaven
< 1.731.73
org.bouncycastle:bcprov-jdk18onMaven
< 1.731.73

Affected products

12

Patches

1
0c576892862e

removed isSorted boolean

https://github.com/bcgit/bc-javaDavid HookMar 10, 2023via ghsa
commit
3 files changed · +24 23
  • core/src/main/java/org/bouncycastle/asn1/ASN1Set.java+18 22 modified
    @@ -166,14 +166,13 @@ public static ASN1Set getInstance(ASN1TaggedObject taggedObject, boolean explici
     }
 
     protected final ASN1Encodable[] elements;
-    protected final boolean isSorted;
 
     protected ASN1Encodable[] sortedElements;
 
     protected ASN1Set()
     {
         this.elements = ASN1EncodableVector.EMPTY_ELEMENTS;
-        this.isSorted = true;
+        this.sortedElements = elements;
     }
 
     /**
@@ -188,7 +187,7 @@ protected ASN1Set(ASN1Encodable element)
         }
 
         this.elements = new ASN1Encodable[]{ element };
-        this.isSorted = true;
+        this.sortedElements = elements;
     }
 
     /**
@@ -215,7 +214,7 @@ protected ASN1Set(ASN1EncodableVector elementVector, boolean doSort)
         }
 
         this.elements = tmp;
-        this.isSorted = doSort || tmp.length < 2;
+        this.sortedElements = (doSort || tmp.length < 2) ? elements : null;
     }
 
     /**
@@ -237,13 +236,19 @@ protected ASN1Set(ASN1Encodable[] elements, boolean doSort)
         }
 
         this.elements = tmp;
-        this.isSorted = doSort || tmp.length < 2;
+        this.sortedElements = (doSort || tmp.length < 2) ? elements : null;
     }
 
     ASN1Set(boolean isSorted, ASN1Encodable[] elements)
     {
         this.elements = elements;
-        this.isSorted = isSorted || elements.length < 2;
+        this.sortedElements = (isSorted || elements.length < 2) ? elements : null;
+    }
+
+    ASN1Set(ASN1Encodable[] elements, ASN1Encodable[] sortedElements)
+    {
+        this.elements = elements;
+        this.sortedElements = sortedElements;
     }
 
     public Enumeration getObjects()
@@ -355,22 +360,13 @@ public int hashCode()
      */
     ASN1Primitive toDERObject()
     {
-        ASN1Encodable[] tmp;
-        if (isSorted)
+        if (sortedElements == null)
         {
-            tmp = elements;
-        }
-        else
-        {
-            if (sortedElements == null)
-            {
-                sortedElements = (ASN1Encodable[])elements.clone();
-                sort(sortedElements);
-            }
-            tmp = sortedElements;
+            sortedElements = (ASN1Encodable[])elements.clone();
+            sort(sortedElements);
         }
 
-        return new DERSet(true, tmp);
+        return new DERSet(true, sortedElements);
     }
 
     /**
@@ -379,7 +375,7 @@ ASN1Primitive toDERObject()
      */
     ASN1Primitive toDLObject()
     {
-        return new DLSet(isSorted, elements);
+        return new DLSet(elements, sortedElements);
     }
 
     boolean asn1Equals(ASN1Primitive other)
@@ -478,8 +474,8 @@ private static boolean lessThanOrEqual(byte[] a, byte[] b)
          * primitive form accordingly. Failing to ignore the CONSTRUCTED bit could therefore lead to
          * ordering inversions.
          */
-        int a0 = a[0] & ~BERTags.CONSTRUCTED & 0xFF;
-        int b0 = b[0] & ~BERTags.CONSTRUCTED & 0xFF;
+        int a0 = a[0] & (~BERTags.CONSTRUCTED & 0xff);
+        int b0 = b[0] & (~BERTags.CONSTRUCTED & 0xff);
         if (a0 != b0)
         {
             return a0 < b0;
  • core/src/main/java/org/bouncycastle/asn1/DERSet.java+1 1 modified
    @@ -134,7 +134,7 @@ void encode(ASN1OutputStream out, boolean withTag) throws IOException
 
     ASN1Primitive toDERObject()
     {
-        return isSorted ? this : super.toDERObject();
+        return (sortedElements != null) ? this : super.toDERObject();
     }
 
     ASN1Primitive toDLObject()
  • core/src/main/java/org/bouncycastle/asn1/DLSet.java+5 0 modified
    @@ -91,6 +91,11 @@ public DLSet(ASN1Encodable[] elements)
         super(isSorted, elements);
     }
 
+    DLSet(ASN1Encodable[] elements, ASN1Encodable[] sortedElements)
+    {
+        super(elements, sortedElements);
+    }
+
     private int getContentsLength() throws IOException
     {
         if (contentsLength < 0)

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.