The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 12 May 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Bouncycastle bc-java
CPEs cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.63:*:*:*:*:*:*:* cpe:2.3:a:bouncycastle:bc-java:1.63:*:*:*:*:*:*:*
Vendors & Products Bouncycastle legion-of-the-bouncy-castle-java-crytography-api
Bouncycastle bc-java

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T01:40:15.255Z

Reserved: 2019-10-08T00:00:00

Link: CVE-2019-17359

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-08T14:15:10.573

Modified: 2025-05-12T17:37:16.527

Link: CVE-2019-17359

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.