5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
org.bouncycastle: bcprov is vulnerable to Denial of Service (DoS). The vulnerability arises due to parsing certificates in the PEMParser class. This class is responsible for parsing X.509 certificates, encoded keys and PKCS7 objects. The parser can throw an OutOfMemoryError
while parsing crafted ASN.1 data which can ultimately lead to a DoS.
CPE | Name | Operator | Version |
---|---|---|---|
bouncy castle provider | le | 1.72 | |
bouncy castle provider | le | 1.70 | |
bouncy castle provider | le | 1.72 | |
bouncy castle provider | le | 1.70 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%