Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificates Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
Weakness
The product does not validate, or incorrectly validates, a certificate.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bc-java | Bouncycastle | * | 1.74 (excluding) |
| AMQ Broker 7.11.5 | RedHat | bouncycastle | * |
| Cryostat 2 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.4.0-2 | * |
| Cryostat 2 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-operator-bundle:2.4.0-2 | * |
| Cryostat 2 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-reports-rhel8:2.4.0-2 | * |
| Cryostat 2 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-rhel8:2.4.0-2 | * |
| Cryostat 2 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-rhel8-operator:2.4.0-3 | * |
| Cryostat 2 on RHEL 8 | RedHat | cryostat-tech-preview/jfr-datasource-rhel8:2.4.0-2 | * |
| Red Hat AMQ Streams 2.5.0 | RedHat | * | |
| Red Hat AMQ Streams 2.6.0 | RedHat | bouncycastle | * |
| Red Hat AMQ Streams 2.7.0 | RedHat | * | |
| Red Hat Fuse 7.12 | RedHat | bouncycastle | * |
| Red Hat JBoss Enterprise Application Platform 7 | RedHat | bouncycastle | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap | * |
| Red Hat Single Sign-On 7 | RedHat | bouncycastle | * |
| Red Hat Single Sign-On 7.6 for RHEL 7 | RedHat | rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 8 | RedHat | rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso | * |
| RHEL-8 based Middleware Containers | RedHat | rh-sso-7/sso76-openshift-rhel8:7.6-36 | * |
| RHINT Camel-Springboot 3.18.3.2 | RedHat | bouncycastle | * |
| RHPAM 7.13.5 async | RedHat | bouncycastle | * |
| Bouncycastle | Ubuntu | bionic | * |
| Bouncycastle | Ubuntu | focal | * |
| Bouncycastle | Ubuntu | kinetic | * |
| Bouncycastle | Ubuntu | lunar | * |
| Bouncycastle | Ubuntu | mantic | * |
| Bouncycastle | Ubuntu | oracular | * |
| Bouncycastle | Ubuntu | plucky | * |
| Bouncycastle | Ubuntu | trusty | * |
| Bouncycastle | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
References
- https://bouncycastle.org
- https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
- https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
- https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
- https://security.netapp.com/advisory/ntap-20230824-0008/
- https://bouncycastle.org
- https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
- https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
- https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
- https://security.netapp.com/advisory/ntap-20230824-0008/