CVE-2023-33201

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

Vendor	n/a
Product	n/a
Published	Jul 5, 2023
Last Updated	Dec 4, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new unknown vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bouncycastle.org: https://bouncycastle.org github.com: https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc github.com: https://github.com/bcgit/bc-java/wiki/CVE-2023-33201 lists.debian.org: https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html security.netapp.com: https://security.netapp.com/advisory/ntap-20230824-0008/