Vulnerabilities: 2 via 3 paths
Dependencies: 48
Source: GitHub
Commit: 5222bfb7


medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: org.bouncycastle:bcpkix-jdk18on
  • Introduced through: org.bouncycastle:bcpkix-jdk18on@1.78.1

Detailed paths

  • Introduced through: mariadb/mariadb-connector-j@mariadb/mariadb-connector-j#5222bfb7b30f8bcb71447b03d86843e872d19ec2 > org.bouncycastle:bcpkix-jdk18on@1.78.1
    Remediation: Upgrade to org.bouncycastle:bcpkix-jdk18on@1.79.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling because PKIXCertPathReviewer does not bound the size of the name constraint structures it processes. An attacker who can place a specially crafted ASN.1 object, such as a certificate carrying an oversized NameConstraints extension, in front of the reviewer can force excessive memory and CPU allocation and so cause a denial of service.

Workaround

Until the upgrade is applied, exposure can be reduced by capping the size of ASN.1 objects accepted from untrusted sources (for example, rejecting any DER object whose declared length exceeds a fixed limit before it is decoded), which in turn bounds the size of any Name Constraints structure the reviewer can be handed.

Remediation

Upgrade org.bouncycastle:bcpkix-jdk18on to version 1.79 or higher. In this project the module is declared directly by mariadb/mariadb-connector-j, so bumping that declared version is the fix; the bcprov-jdk18on and bcutil-jdk18on artifacts it pulls in are released in lockstep and move with it.

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: org.bouncycastle:bcprov-jdk18on
  • Introduced through: org.bouncycastle:bcpkix-jdk18on@1.78.1

Detailed paths

  • Introduced through: mariadb/mariadb-connector-j@mariadb/mariadb-connector-j#5222bfb7b30f8bcb71447b03d86843e872d19ec2 > org.bouncycastle:bcpkix-jdk18on@1.78.1 > org.bouncycastle:bcprov-jdk18on@1.78.1
    Remediation: Upgrade to org.bouncycastle:bcpkix-jdk18on@1.79.
  • Introduced through: mariadb/mariadb-connector-j@mariadb/mariadb-connector-j#5222bfb7b30f8bcb71447b03d86843e872d19ec2 > org.bouncycastle:bcpkix-jdk18on@1.78.1 > org.bouncycastle:bcutil-jdk18on@1.78.1 > org.bouncycastle:bcprov-jdk18on@1.78.1
    Remediation: Upgrade to org.bouncycastle:bcpkix-jdk18on@1.79.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling because the name constraint structures handled on behalf of PKIXCertPathReviewer are processed without a size bound. An attacker who can place a specially crafted ASN.1 object, such as a certificate carrying an oversized NameConstraints extension, in front of the reviewer can force excessive memory and CPU allocation and so cause a denial of service.

Workaround

Until the upgrade is applied, exposure can be reduced by capping the size of ASN.1 objects accepted from untrusted sources (for example, rejecting any DER object whose declared length exceeds a fixed limit before it is decoded), which in turn bounds the size of any Name Constraints structure the reviewer can be handed.
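The workaround described for both findings (the bcpkix-jdk18on one above and this bcprov-jdk18on one) amounts to the same control: never let an unbounded DER object reach the reviewer. The class below is an added example, not code from MariaDB Connector/J or Bouncy Castle. It uses the `ASN1InputStream(InputStream, int limit)` constructor, which refuses any definite-length field larger than `limit` before allocating for it, adds a separate cap on the encoded NameConstraints extension, and only then builds the `CertPath` for `PKIXCertPathReviewer`. The two limit values, the `BoundedAsn1Loader` name and the disabled revocation check are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertPath;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.x509.PKIXCertPathReviewer;

// Added example, not MariaDB Connector/J or Bouncy Castle code. It caps the size of DER
// input taken from an untrusted peer before any of it reaches PKIXCertPathReviewer.
// Both limits are illustrative assumptions; choose values that fit your own PKI.
public final class BoundedAsn1Loader {

    // Assumed cap for one DER-encoded certificate (real-world certificates are a few KiB).
    static final int MAX_CERT_BYTES = 16 * 1024;
    // Assumed cap for the encoded NameConstraints extension value (OID 2.5.29.30).
    static final int MAX_NAME_CONSTRAINTS_BYTES = 4 * 1024;

    // Parses one DER object from untrusted bytes. The buffer is checked first, then the
    // 'limit' form of ASN1InputStream rejects any nested definite-length field that claims
    // more than 'limit' bytes before memory is allocated for it (thrown as an IOException).
    static ASN1Primitive readBounded(byte[] untrusted, int limit) throws IOException {
        if (untrusted.length > limit) {
            throw new IOException("DER input of " + untrusted.length + " bytes exceeds cap of " + limit);
        }
        try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(untrusted), limit)) {
            ASN1Primitive obj = in.readObject();
            if (obj == null) {
                throw new IOException("empty DER input");
            }
            return obj;
        }
    }

    // Decodes an untrusted certificate under the size cap and separately bounds the one
    // extension the advisory is about, so an oversized NameConstraints never reaches the reviewer.
    static X509Certificate parseCertificate(byte[] der) throws IOException, CertificateException {
        readBounded(der, MAX_CERT_BYTES);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        byte[] nameConstraints = cert.getExtensionValue(Extension.nameConstraints.getId());
        if (nameConstraints != null && nameConstraints.length > MAX_NAME_CONSTRAINTS_BYTES) {
            throw new CertificateException("NameConstraints extension of " + nameConstraints.length
                    + " bytes exceeds cap of " + MAX_NAME_CONSTRAINTS_BYTES);
        }
        return cert;
    }

    // Builds a CertPath only from certificates that passed both caps, then runs the reviewer.
    static boolean reviewChain(List<byte[]> untrustedChain, Set<TrustAnchor> anchors) throws Exception {
        List<X509Certificate> certs = new ArrayList<>();
        for (byte[] der : untrustedChain) {
            certs.add(parseCertificate(der));
        }
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(certs);
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // assumption: revocation is checked elsewhere in this example
        PKIXCertPathReviewer reviewer = new PKIXCertPathReviewer(path, params);
        return reviewer.isValidCertPath();
    }

    public static void main(String[] args) {
        // Constructed input: a SEQUENCE header that claims a 2 GiB body with no body behind it.
        // A parser that trusts the length field would size a buffer from it.
        byte[] lengthBomb = {0x30, (byte) 0x84, 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
        try {
            readBounded(lengthBomb, MAX_CERT_BYTES);
            System.out.println("unexpectedly accepted");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The caps have to sit in front of every place peer-supplied DER is decoded (TLS handshake certificates, CRL and OCSP responses, client certificates), not just the reviewer call, and they only bound the structure this advisory names; they do not make the affected reviewer code itself safe. Treat this as a stopgap and still move bcpkix-jdk18on to 1.79 or later.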

Remediation

Upgrade org.bouncycastle:bcprov-jdk18on to version 1.79 or higher. In this project it is reached only through org.bouncycastle:bcpkix-jdk18on (directly and via bcutil-jdk18on), so upgrading bcpkix-jdk18on to 1.79 resolves both paths.