Out-of-Memory Error in Bouncy Castle Crypto
High severity
GitHub Reviewed
Published
Oct 17, 2019
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Oct 8, 2019
Reviewed
Oct 17, 2019
Published to the GitHub Advisory Database
Oct 17, 2019
Last updated
Jan 28, 2023
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
References