CVE-2024-30172

Published: 09 May 2024
Source: redhat
CVSS3: 7.5

Description

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Cryostat 2 | org.bouncycastle:bcprov-jdk18on | Will not fix | | |
| Cryostat 3 | org.bouncycastle:bcprov-jdk18on | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 3 | org.bouncycastle:bcprov-jdk18on | Not affected | | |
| Red Hat Build of Keycloak | org.bouncycastle:bcprov-jdk18on | Affected | | |
| Red Hat Data Grid 8 | org.bouncycastle:bcprov-jdk18on | Not affected | | |
| Red Hat Fuse 7 | org.bouncycastle:bcprov-jdk18on | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.bouncycastle:bcprov-jdk18on | Not affected | | |
| streams for Apache Kafka | org.bouncycastle:bcprov-jdk18on | Will not fix | | |
| Important: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update | org.bouncycastle | Fixed | RHSA-2024:5147 | 08.08.2024 |
| Red Hat AMQ Broker 7 | org.bouncycastle | Fixed | RHSA-2024:4271 | 02.07.2024 |

Additional information

Status: Moderate
Weakness: CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2293025 (org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 1 year ago

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

CVSS3: 7.5
nvd
more than 1 year ago

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

CVSS3: 7.5
debian
more than 1 year ago

An issue was discovered in Bouncy Castle Java Cryptography APIs before ...

CVSS3: 5.3
github
more than 1 year ago

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

CVSS3: 7.5
fstec
more than 1 year ago

Vulnerability in the Cryptography APIs component of the Bouncy Castle cryptographic protection tool, allowing an attacker to disclose protected information
