Vulnerability Description
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
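The defect described above is the standard unescaped-filter pattern: a string under external control (here the certificate's Subject Name) is concatenated into an LDAP search filter, so any filter metacharacters it contains become part of the query structure. The Java class below is an added example, not code from Bouncy Castle or from this advisory; it places the naive concatenation beside the same filter built with RFC 4515 value escaping. The attribute names (`objectClass=pkiUser`, `cn`), the class name and the sample subject value are assumptions for illustration and do not reflect Bouncy Castle's actual LDAP query.

```java
import java.nio.charset.StandardCharsets;

/**
 * Added example (not Bouncy Castle code): escaping a value such as an X.509
 * Subject Name before it is placed inside an LDAP search filter.
 * Rules follow RFC 4515 section 3 (filter assertion values).
 */
public final class LdapFilterEscaper {

    /**
     * Escape one assertion value so it can no longer alter the filter's structure.
     * The five metacharacters become "\" + two hex digits; control and non-ASCII
     * bytes are hex-escaped as well, which RFC 4515 permits.
     */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (byte raw : value.getBytes(StandardCharsets.UTF_8)) {
            int b = raw & 0xff;
            switch (b) {
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\\': sb.append("\\5c"); break;
                case 0x00: sb.append("\\00"); break;
                default:
                    if (b < 0x20 || b >= 0x7f) {
                        sb.append(String.format("\\%02x", b));
                    } else {
                        sb.append((char) b);
                    }
            }
        }
        return sb.toString();
    }

    /**
     * Vulnerable pattern (the shape the advisory describes): the subject value is
     * concatenated as-is, so '*', '(' and ')' inside it change the filter's meaning.
     * Attribute names are assumed for illustration.
     */
    public static String vulnerableFilter(String subjectValue) {
        return "(&(objectClass=pkiUser)(cn=" + subjectValue + "))";
    }

    /** Hardened pattern: the value is escaped before it enters the filter. */
    public static String safeFilter(String subjectValue) {
        return "(&(objectClass=pkiUser)(cn=" + escapeFilterValue(subjectValue) + "))";
    }

    /**
     * Cheap structural self-check a reviewer can run over a built filter:
     * with exactly two assertions inside an AND, the parenthesis nesting must
     * open and close three times and never go negative.
     */
    public static boolean hasExpectedNesting(String filter) {
        int depth = 0, opens = 0;
        for (char c : filter.toCharArray()) {
            if (c == '(') { depth++; opens++; }
            else if (c == ')') { depth--; }
            if (depth < 0) return false;
        }
        return depth == 0 && opens == 3;
    }

    public static void main(String[] args) {
        // Constructed sample: a legitimate-looking CN that happens to contain
        // filter metacharacters (parentheses, asterisk, backslash).
        String subjectValue = "Example Corp (EU) * Ops\\Team";

        String unsafe = vulnerableFilter(subjectValue);
        String safe = safeFilter(subjectValue);

        System.out.println("unescaped: " + unsafe + "  nesting ok=" + hasExpectedNesting(unsafe));
        System.out.println("escaped:   " + safe + "  nesting ok=" + hasExpectedNesting(safe));
    }
}
```

Two practical notes. First, escaping depends on where the value lands: a value inside a filter uses the RFC 4515 rules above, whereas a Subject Name used as a search base DN follows RFC 4514 (in the JDK, `javax.naming.ldap.Rdn.escapeValue` implements the DN rules); applying the wrong set leaves metacharacters live. Second, the nesting check is a detection aid for code review and tests, not a substitute for escaping: it catches structural changes but not a stray `*` turning an equality match into a substring match, which only escaping prevents.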
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bouncycastle | Bc-Java | < 1.74 |
Related Weaknesses (CWE)
References
- Product: https://bouncycastle.org
- Patch: https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
- Vendor Advisory: https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
- https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
- https://security.netapp.com/advisory/ntap-20230824-0008/
FAQ
What is CVE-2023-33201?
CVE-2023-33201 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certifica...
How severe is CVE-2023-33201?
CVE-2023-33201 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-33201?
Versions of Bouncy Castle for Java before 1.74 are affected; the references section above links the vendor advisory and the patch commit. Affected products include: Bouncycastle Bc-Java.