CVE-2019-17359: Allocation of Resources Without Limits or Throttling

October 17, 2019 (updated January 22, 2021)

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

References

github.com/advisories/GHSA-2mh8-gx2m-mr75
nvd.nist.gov/vuln/detail/CVE-2019-17359

Detect and mitigate CVE-2019-17359 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →