Memory Allocation Vulnerability in Bouncy Castle Crypto (BC Java) 1.63

Memory Allocation Vulnerability in Bouncy Castle Crypto (BC Java) 1.63

CVE-2019-17359 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

Learn more about our Web Application Penetration Testing UK.