CVE-2023-33201

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33201
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33201.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33201
Aliases
Related
Published
2023-07-05T03:15:09Z
Modified
2024-10-15T05:57:03.304758Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

References

Affected packages

Debian:11 / bouncycastle

Package

Name
bouncycastle
Purl
pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.68-2
1.68-3
1.68-4
1.68-5
1.69-1
1.71-1
1.72-1
1.72-2
1.77-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bouncycastle

Package

Name
bouncycastle
Purl
pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.72-2
1.77-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bouncycastle

Package

Name
bouncycastle
Purl
pkg:deb/debian/bouncycastle?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.77-1

Affected versions

1.*

1.72-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

r1rv49
r1rv50
r1rv51
r1rv52
r1rv53
r1rv54
r1rv55
r1rv56
r1rv57
r1rv58
r1rv59
r1rv60
r1rv61
r1rv62
r1rv63
r1rv64
r1rv65
r1rv66
r1rv67
r1rv68
r1rv69
r1rv70
r1rv71
r1rv73