Vulnerabilities disclosed in org.bouncycastle.bcprov-jdk18on
Issue date: 02-10-2024
Affects versions: 15.6, 15.5, 14.7
Security Issue ID:
SECURITY-558
Affected Product Version(s)
15.6.0, 14.7.20 (and previous patch releases)
Severity
High
Description
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
CVSS v3 Base Score: 7.5
CWE-400: Uncontrolled Resource Consumption
Instructions
Customers are advised to upgrade to the latest version. At the time of writing, the latest versions are 14.7.21 and 15.7.0.
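To confirm whether an installation or build still references an affected library release, the following added example (not part of the original advisory or any vendor tooling) flags bcprov-jdk18on versions below 1.78 in jar file names and in Maven or Gradle dependency output. The sample lines are constructed, and the Maven and Gradle line formats are assumptions about typical build output.

```python
import os
import re
import sys

FIXED = (1, 78)  # first fixed BC Java release named in the advisory

# Matches jar names (bcprov-jdk18on-1.77.jar), Maven dependency:tree
# coordinates (...:bcprov-jdk18on:jar:1.77:compile) and Gradle-style
# coordinates (...:bcprov-jdk18on:1.77). Formats are assumptions.
PATTERN = re.compile(r"bcprov-jdk18on(?:-|:jar:|:)(\d+(?:\.\d+)*)")


def parse_version(text):
    """'1.78.1' -> (1, 78, 1), so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_vulnerable(lines):
    """Return (line, version) for each bcprov-jdk18on reference below 1.78."""
    hits = []
    for line in lines:
        for match in PATTERN.finditer(line):
            if parse_version(match.group(1)) < FIXED:
                hits.append((line.strip(), match.group(1)))
    return hits


def scan_tree(root):
    """Check every file path under root (e.g. a product's lib directory)."""
    paths = []
    for dirpath, _dirs, files in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in files)
    return find_vulnerable(paths)


# Constructed sample input: jar paths and build-tool output lines.
SAMPLE = [
    "lib/bcprov-jdk18on-1.77.jar",
    "lib/bcprov-jdk18on-1.78.1.jar",
    "[INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.76:compile",
    "[INFO] +- org.bouncycastle:bcpkix-jdk18on:jar:1.76:compile",
    "implementation 'org.bouncycastle:bcprov-jdk18on:1.78'",
]

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_vulnerable(SAMPLE)
    for where, version in found:
        print(f"VULNERABLE bcprov-jdk18on {version}: {where}")
    sys.exit(1 if found else 0)
```

Copies of the library repackaged inside a shaded or fat jar do not appear under their own file name, so a clean result from a file-name scan does not rule them out.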