Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/606817?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/606817?format=api", "purl": "pkg:maven/org.bouncycastle/bcprov-jdk14@1.71", "type": "maven", "namespace": "org.bouncycastle", "name": "bcprov-jdk14", "version": "1.71", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.78", "latest_non_vulnerable_version": "1.78", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19635?format=api", "vulnerability_id": "VCID-2j9r-6zbp-m3bz", "summary": "Bouncy Castle affected by timing side-channel for RSA key exchange (\"The Marvin Attack\")\nAn issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-30171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28137", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28094", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28535", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28601", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-30171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217" }, { "reference_url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/" } ], "url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240614-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240614-0008" }, { "reference_url": "https://www.bouncycastle.org/latest_releases.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/" } ], "url": "https://www.bouncycastle.org/latest_releases.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655", "reference_id": "1070655", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360", "reference_id": "2276360", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360" }, { "reference_url": "https://github.com/advisories/GHSA-v435-xc8x-wvr9", "reference_id": "GHSA-v435-xc8x-wvr9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v435-xc8x-wvr9" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240614-0008/", "reference_id": "ntap-20240614-0008", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240614-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4173", "reference_id": "RHSA-2024:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4271", "reference_id": "RHSA-2024:4271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4326", "reference_id": "RHSA-2024:4326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4505", "reference_id": "RHSA-2024:4505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4505" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5479", "reference_id": "RHSA-2024:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5481", "reference_id": "RHSA-2024:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5482", "reference_id": "RHSA-2024:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5482" }, { "reference_url": "https://usn.ubuntu.com/8108-1/", "reference_id": "USN-8108-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8108-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60417?format=api", "purl": "pkg:maven/org.bouncycastle/bcprov-jdk14@1.78", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk14@1.78" } ], "aliases": [ "CVE-2024-30171", "GHSA-v435-xc8x-wvr9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2j9r-6zbp-m3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19725?format=api", "vulnerability_id": "VCID-4rs8-tp92-p7ck", "summary": "Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.\nAn issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40999", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41005", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48553", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.4856", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48574", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63" }, { "reference_url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/" } ], "url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241206-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241206-0008" }, { "reference_url": "https://www.bouncycastle.org/latest_releases.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/" } ], "url": "https://www.bouncycastle.org/latest_releases.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655", "reference_id": "1070655", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028", "reference_id": "2293028", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028" }, { "reference_url": "https://github.com/advisories/GHSA-8xfc-gm6g-vgpv", "reference_id": "GHSA-8xfc-gm6g-vgpv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xfc-gm6g-vgpv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4271", "reference_id": "RHSA-2024:4271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4326", "reference_id": "RHSA-2024:4326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4505", "reference_id": "RHSA-2024:4505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4505" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5479", "reference_id": "RHSA-2024:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5481", "reference_id": "RHSA-2024:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5482", "reference_id": "RHSA-2024:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5482" }, { "reference_url": "https://usn.ubuntu.com/8108-1/", "reference_id": "USN-8108-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8108-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60417?format=api", "purl": "pkg:maven/org.bouncycastle/bcprov-jdk14@1.78", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk14@1.78" } ], "aliases": [ "CVE-2024-29857", "GHSA-8xfc-gm6g-vgpv" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4rs8-tp92-p7ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18171?format=api", "vulnerability_id": "VCID-abxq-7eq3-g7dp", "summary": "Improper Certificate Validation\nBouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.5328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53307", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53327", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53358", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33201" }, { "reference_url": "https://bouncycastle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/" } ], "url": "https://bouncycastle.org" }, { "reference_url": "https://bouncycastle.org/releasenotes.html#r1rv74", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bouncycastle.org/releasenotes.html#r1rv74" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/bcgit/bc-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/" } ], "url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc" }, { "reference_url": "https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230824-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230824-0008" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230824-0008/", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230824-0008/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040050", "reference_id": "1040050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465", "reference_id": "2215465", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", "reference_id": "CVE-2023-33201", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", "reference_id": "CVE-2023-33201", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201" }, { "reference_url": "https://github.com/advisories/GHSA-hr8g-6v94-x4m9", "reference_id": "GHSA-hr8g-6v94-x4m9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hr8g-6v94-x4m9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5147", "reference_id": "RHSA-2023:5147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5165", "reference_id": "RHSA-2023:5165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7482", "reference_id": "RHSA-2023:7482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7483", "reference_id": "RHSA-2023:7483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7484", "reference_id": "RHSA-2023:7484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7486", "reference_id": "RHSA-2023:7486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7488", "reference_id": "RHSA-2023:7488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7669", "reference_id": "RHSA-2023:7669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7678", "reference_id": "RHSA-2023:7678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0278", "reference_id": "RHSA-2024:0278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0278" }, { "reference_url": "https://usn.ubuntu.com/8108-1/", "reference_id": "USN-8108-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8108-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58555?format=api", "purl": "pkg:maven/org.bouncycastle/bcprov-jdk14@1.74", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j9r-6zbp-m3bz" }, { "vulnerability": "VCID-4rs8-tp92-p7ck" }, { "vulnerability": "VCID-d5x5-hcjh-efcr" }, { "vulnerability": "VCID-e4j2-7rmt-17bf" }, { "vulnerability": "VCID-rary-mqyu-2yes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk14@1.74" } ], "aliases": [ "CVE-2023-33201", "GHSA-hr8g-6v94-x4m9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abxq-7eq3-g7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19837?format=api", "vulnerability_id": "VCID-e4j2-7rmt-17bf", "summary": "Bouncy Castle Java Cryptography API vulnerable to DNS poisoning\nAn issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28928", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28887", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28963", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34388", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34325", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/bcgit/bc-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java" }, { "reference_url": "https://github.com/bcgit/bc-java/issues/1656", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/issues/1656" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34447" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240614-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240614-0007" }, { "reference_url": "https://www.bouncycastle.org/latest_releases.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/" } ], "url": "https://www.bouncycastle.org/latest_releases.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655", "reference_id": "1070655", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279227", "reference_id": "2279227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279227" }, { "reference_url": "https://github.com/advisories/GHSA-4h8f-2wvx-gg5w", "reference_id": "GHSA-4h8f-2wvx-gg5w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h8f-2wvx-gg5w" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240614-0007/", "reference_id": "ntap-20240614-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240614-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4271", "reference_id": "RHSA-2024:4271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4326", "reference_id": "RHSA-2024:4326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4326" }, { "reference_url": "https://usn.ubuntu.com/8108-1/", "reference_id": "USN-8108-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8108-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60417?format=api", "purl": "pkg:maven/org.bouncycastle/bcprov-jdk14@1.78", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk14@1.78" } ], "aliases": [ "CVE-2024-34447", "GHSA-4h8f-2wvx-gg5w" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4j2-7rmt-17bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27538?format=api", "vulnerability_id": "VCID-rary-mqyu-2yes", "summary": "Bouncy Castle for Java on All (API modules) allows Excessive Allocation\nA resource allocation vulnerability exists in Bouncy Castle for Java (by Legion of the Bouncy Castle Inc.) that affects all API modules. The vulnerability allows attackers to cause excessive memory allocation through unbounded resource consumption, potentially leading to denial of service. The issue is located in the ASN1ObjectIdentifier.java file in the core module.\n\nThis issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21601", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21659", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21686", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21628", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21551", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21745", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/bcgit/bc-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java" }, { "reference_url": "https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T18:14:28Z/" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8885", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8885" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387790", "reference_id": "2387790", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387790" }, { "reference_url": "https://github.com/advisories/GHSA-67mf-3cr5-8w23", "reference_id": "GHSA-67mf-3cr5-8w23", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67mf-3cr5-8w23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60417?format=api", "purl": "pkg:maven/org.bouncycastle/bcprov-jdk14@1.78", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk14@1.78" } ], "aliases": [ "CVE-2025-8885", "GHSA-67mf-3cr5-8w23" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rary-mqyu-2yes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19918?format=api", "vulnerability_id": "VCID-sz15-payv-uyab", "summary": "Uncontrolled Resource Consumption\nBouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36791", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36816", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36842", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36911", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36827", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36776", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36944", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33202" }, { "reference_url": "https://bouncycastle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/" } ], "url": "https://bouncycastle.org" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202" }, { "reference_url": "https://github.com/bcgit/bc-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240125-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240125-0001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056754", "reference_id": "1056754", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281", "reference_id": "2251281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202", "reference_id": "CVE-2023-33202", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202", "reference_id": "CVE-2023-33202", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902023%E2%80%9033202", "reference_id": "CVE%E2%80%902023%E2%80%9033202", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902023%E2%80%9033202" }, { "reference_url": "https://github.com/advisories/GHSA-wjxj-5m7g-mg7q", "reference_id": "GHSA-wjxj-5m7g-mg7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wjxj-5m7g-mg7q" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240125-0001/", "reference_id": "ntap-20240125-0001", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240125-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61269?format=api", "purl": "pkg:maven/org.bouncycastle/bcprov-jdk14@1.73", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j9r-6zbp-m3bz" }, { "vulnerability": "VCID-4rs8-tp92-p7ck" }, { "vulnerability": "VCID-abxq-7eq3-g7dp" }, { "vulnerability": "VCID-d5x5-hcjh-efcr" }, { "vulnerability": "VCID-e4j2-7rmt-17bf" }, { "vulnerability": "VCID-rary-mqyu-2yes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk14@1.73" } ], "aliases": [ "CVE-2023-33202", "GHSA-wjxj-5m7g-mg7q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sz15-payv-uyab" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk14@1.71" }