The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Oct 2022, 14:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle flexcube Private Banking
Apache tomee Netapp oncommand Api Services Oracle financial Services Analytical Applications Infrastructure Oracle hospitality Guest Access Netapp service Level Manager Apache Oracle communications Convergence Oracle communications Diameter Signaling Router Oracle retail Xstore Point Of Service Netapp oncommand Workflow Automation Oracle soa Suite Oracle managed File Transfer Netapp active Iq Unified Manager Oracle business Process Management Suite Oracle communications Session Route Manager Oracle weblogic Server Netapp Oracle Oracle webcenter Portal Oracle peoplesoft Enterprise Peopletools Oracle data Integrator Oracle peoplesoft Enterprise Hcm Global Payroll Switzerland |
|
References | (MLIST) https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191024-0006/ - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209@%3Ccommits.tomee.apache.org%3E - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:* cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:* cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:apache:tomee:7.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland:9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_convergence:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:apache:tomee:8.0.1:*:*:*:*:*:*:* |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-10-08 14:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-17359
Mitre link : CVE-2019-17359
CVE.ORG link : CVE-2019-17359
JSON object : View
Products Affected
oracle
- flexcube_private_banking
- data_integrator
- soa_suite
- financial_services_analytical_applications_infrastructure
- communications_convergence
- managed_file_transfer
- hospitality_guest_access
- communications_diameter_signaling_router
- communications_session_route_manager
- retail_xstore_point_of_service
- peoplesoft_enterprise_hcm_global_payroll_switzerland
- weblogic_server
- business_process_management_suite
- webcenter_portal
- peoplesoft_enterprise_peopletools
bouncycastle
- legion-of-the-bouncy-castle-java-crytography-api
netapp
- service_level_manager
- oncommand_workflow_automation
- oncommand_api_services
- active_iq_unified_manager
apache
- tomee
CWE
CWE-770
Allocation of Resources Without Limits or Throttling