CVE-2023-33201

CWE-295Improper Certificate ValidationCWE-200Information Exposure16 documents9 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 46.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Bouncycastle Bc-java
Timeline
PublishedJul 5
Latest updateMar 18

Description

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages15 packages

Mavenorg.bouncycastle:bcprov-jdk141.491.74

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
bouncycastle vulnerabilities2026-03-18
GHSA
Bouncy Castle For Java LDAP injection vulnerability2023-07-05
CVEList
CVE-2023-33201: Bouncy Castle For Java before 12023-07-05
OSV
CVE-2023-33201: Bouncy Castle For Java before 12023-07-05
OSV
Bouncy Castle For Java LDAP injection vulnerability2023-07-05

📋Vendor Advisories

9
Ubuntu
Bouncy Castle vulnerabilities2026-03-18
Oracle
Oracle Oracle Commerce Risk Matrix: Workbench (Bouncy Castle Java Library) — CVE-2023-332012025-01-15
Oracle
Oracle Oracle Systems Risk Matrix: Tools (Bouncy Castle Java Library) — CVE-2023-332012024-10-15
Oracle
Oracle Oracle Communications Risk Matrix: Security (Bouncy Castle Java Library) — CVE-2023-332012024-07-15
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (Bouncy Castle Java Library) — CVE-2023-332012024-04-15

🕵️Threat Intelligence

1
Huntress
CVE-2023-33201 Vulnerability: Analysis, Detection, Removal | Huntress
CVE-2023-33201 (MEDIUM CVSS 5.3) | Bouncy Castle For Java before 1.74 | cvebase.io