Vulnerability

CVE-2019-17359

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17359
https://www.bouncycastle.org/releasenotes.html
https://issues.apache.org/jira/browse/TOMEE-2788?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17359

[CVE-2019-17359] CWE-770: Allocation of Resources Without Limits or Throttling

Description

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

See org.bouncycastle/bcprov-jdk15on package information