CVE-2019-17359

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.59 % (79^th)

Affected Products 21

Advisories 1

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

Weaknesses

CWE-770: Allocation of Resources Without Limits or Throttling

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-10-08 14:15:10
(5 years ago)
Updated Date: 2023-11-07 03:06:16
(10 months ago)

Affected Products

Apache

Tomee

Bouncycastle

Legion-of-the-bouncy-castle-java-crytography-api

Netapp

Oracle

Configuration #1

		CPE23	From	Up To
	Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.63	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.63

Configuration #2

		CPE23	From	Up To
	Apache Tomee 7.0.7	cpe:2.3:a:apache:tomee:7.0.7
	Apache Tomee 7.1.2	cpe:2.3:a:apache:tomee:7.1.2
	Apache Tomee 8.0.1	cpe:2.3:a:apache:tomee:8.0.1

Configuration #3

	CPE23	From
Netapp Active Iq Unified Manager for Linux from 7.3 version	cpe:2.3:a:netapp:active_iq_unified_manager::::::linux	>= 7.3
Netapp Active Iq Unified Manager for Windows from 7.3 version	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows	>= 7.3
Netapp Active Iq Unified Manager for Vmware Vsphere from 9.5 version	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere	>= 9.5
Netapp Oncommand Api Services	cpe:2.3:a:netapp:oncommand_api_services:-
Netapp Oncommand Workflow Automation	cpe:2.3:a:netapp:oncommand_workflow_automation:-
Netapp Service Level Manager	cpe:2.3:a:netapp:service_level_manager:-

Configuration #4

	CPE23	From	Up To
Oracle Business Process Management Suite 12.2.1.3.0	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.4.0	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0
Oracle Communications Convergence from 3.0.1.0 version and 3.0.2.1 and prior versions	cpe:2.3:a:oracle:communications_convergence	>= 3.0.1.0	<= 3.0.2.1
Oracle Communications Diameter Signaling Router from 8.0.0 version and 8.2.2 and prior versions	cpe:2.3:a:oracle:communications_diameter_signaling_router	>= 8.0.0	<= 8.2.2
Oracle Communications Session Route Manager from 8.2.0 version and 8.2.2 and prior versions	cpe:2.3:a:oracle:communications_session_route_manager	>= 8.2.0	<= 8.2.2
Oracle Data Integrator 12.2.1.4.0	cpe:2.3:a:oracle:data_integrator:12.2.1.4.0
Oracle Financial Services Analytical Applications Infrastructure from 8.0.6 version and 8.0.9 and prior versions	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure	>= 8.0.6	<= 8.0.9
Oracle Flexcube Private Banking 12.0.0	cpe:2.3:a:oracle:flexcube_private_banking:12.0.0
Oracle Flexcube Private Banking 12.1.0	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0
Oracle Hospitality Guest Access 4.2.0	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0
Oracle Managed File Transfer 12.2.1.3.0	cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0
Oracle Managed File Transfer 12.2.1.4.0	cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0
Oracle Peoplesoft Enterprise Hcm Global Payroll Switzerland 9.2	cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland:9.2
Oracle Peoplesoft Enterprise Peopletools 8.56	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56
Oracle Peoplesoft Enterprise Peopletools 8.57	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
Oracle Peoplesoft Enterprise Peopletools 8.58	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
Oracle Retail Xstore Point Of Service 18.0.1	cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.1
Oracle Soa Suite 12.2.1.3.0	cpe:2.3:a:oracle:soa_suite:12.2.1.3.0
Oracle Soa Suite 12.2.1.4.0	cpe:2.3:a:oracle:soa_suite:12.2.1.4.0
Oracle Webcenter Portal 11.1.1.9.0	cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0
Oracle Webcenter Portal 12.2.1.3.0	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0
Oracle Webcenter Portal 12.2.1.4.0	cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0
Oracle Weblogic Server 12.2.1.3.0	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0