CVE-2023-33201
CWE-295Published: July 5, 2023· Updated: Jun 17, 2026
Official Description
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
Technical Analysis
CVE-2023-33201 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (10)
Quick Facts
Related CVEs (CWE-295)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2023-33201 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts