Fix Bouncy Castle — CVE-2023-33202 HIGH
Fix CVE-2023-33202 (HIGH) in Bouncy Castle for Java/Maven. Paste your pom.xml into PackageFix and get a patched version — no CLI, no signup. The issue is an infinite loop via a crafted certificate in LDAP parsing.
⚠ Vulnerability
CVE-2023-33202 (HIGH) — infinite loop via crafted certificate in LDAP parsing in Bouncy Castle below 1.78.
Vulnerable version in pom.xml: 1.70
Fixed version in pom.xml: 1.78
✓ Fix
Update Bouncy Castle to 1.78 and run mvn dependency:resolve.
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2023-33202 |
| Severity | HIGH |
| Package | Bouncy Castle (Java/Maven) |
| Safe version | 1.78 |
| CISA KEV | — |
| Description | Infinite loop via crafted certificate in LDAP parsing |
Frequently Asked Questions
What is CVE-2023-33202?
CVE-2023-33202 is a HIGH severity vulnerability in Bouncy Castle (Java/Maven) that allows an infinite loop via a crafted certificate in LDAP parsing. Update to 1.78 or later.
How do I fix CVE-2023-33202 in Bouncy Castle?
Update Bouncy Castle to version 1.78 in your pom.xml and run mvn dependency:resolve.
Is CVE-2023-33202 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.
How do I verify the fix for CVE-2023-33202?
After updating, paste your pom.xml into PackageFix again. If CVE-2023-33202 no longer appears in the CVE table, the fix is applied.