Описание
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| bouncycastle | fixed | 1.80-1 | package | |
| bouncycastle | no-dsa | bookworm | package | |
| bouncycastle | no-dsa | bullseye | package | |
| bouncycastle | postponed | buster | package |
Примечания
https://github.com/bcgit/bc-java/issues/1599
Fixed by: https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49 (r1rv78v1)
Addional hardening: https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f (r1rv78v1)
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
Связанные уязвимости
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Уязвимость компонента Cryptography APIs средства криптографической защиты Bouncy Castle, позволяющая нарушителю раскрыть защищаемую информацию