Описание
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| bouncycastle | fixed | 1.80-1 | package | |
| bouncycastle | no-dsa | bookworm | package | |
| bouncycastle | no-dsa | bullseye | package | |
| bouncycastle | postponed | buster | package |
Примечания
https://github.com/bcgit/bc-java/issues/1635
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281 (r1rv78v1)
Связанные уязвимости
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Уязвимость файлов ECCurve.java и ECCurve.cs библиотеки проверки ключа EC модуля Math средств криптографической защиты Bouncy Castle Crypto Package For Java (BC Java), Bouncy Castle Java Long Term Stable (LTS) (BC-LJA), Bouncy Castle FIPS Java API (BC-FJA) и Bouncy Castle Cryptography Library For .NET, позволяющая нарушителю вызвать отказ в обслуживании