vulnerability
Ubuntu: USN-8108-1 (CVE-2023-33201): Bouncy Castle vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 5, 2023 | Mar 19, 2026 | Mar 27, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 5, 2023
Added
Mar 19, 2026
Modified
Mar 27, 2026
Description
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
Solutions
ubuntu-pro-upgrade-libbcjmail-javaubuntu-pro-upgrade-libbcmail-javaubuntu-pro-upgrade-libbcpg-javaubuntu-pro-upgrade-libbcpkix-javaubuntu-pro-upgrade-libbcprov-javaubuntu-pro-upgrade-libbctls-javaubuntu-pro-upgrade-libbcutil-java
References
- CVE-2023-33201
- https://attackerkb.com/topics/CVE-2023-33201
- CWE-295
- EUVD-EUVD-2023-2081
- UBUNTU-USN-8108-1
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-2081
- https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
- https://ubuntu.com/security/notices/USN-8108-1
- https://www.cve.org/CVERecord?id=CVE-2023-33201
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.