CVE-2024-30172 – org.bouncycastle:bcprov-jdk15to18
Package
Manager: maven
Name: org.bouncycastle:bcprov-jdk15to18
Vulnerable Version: >=1.73 <1.78
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00136 (percentile: 0.34205)
Details
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
An issue was discovered in the Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An infinite loop can occur in the Ed25519 verification code via a crafted signature and public key.
Metadata
Created: 2024-05-14T15:32:54Z
Modified: 2024-12-02T16:27:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-m44j-cfrm-g8qc/GHSA-m44j-cfrm-g8qc.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-m44j-cfrm-g8qc
Finding: F138
Auto approve: 1