CVE-2024-29857

HIGH

Bouncy Castle Java <1.78 - DoS

Description

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

Scores

CVSS v3 7.5
EPSS 0.0026
EPSS Percentile 49.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (10)
nuget/BouncyCastle 0 (NuGet)
nuget/BouncyCastle.Cryptography 0 - 2.3.1 (NuGet)
org.bouncycastle/bc-fips 0 - 1.0.2.5 (Maven)
org.bouncycastle/bcprov-jdk14 0 - 1.78 (Maven)
org.bouncycastle/bcprov-jdk15on 0 - 1.78 (Maven)
org.bouncycastle/bcprov-jdk15to18 0 - 1.78 (Maven)
org.bouncycastle/bcprov-jdk18on 0 - 1.78 (Maven)
org.bouncycastle/bctls-jdk14 0 - 1.78 (Maven)
org.bouncycastle/bctls-jdk15to18 0 - 1.78 (Maven)
org.bouncycastle/bctls-jdk18on 0 - 1.78 (Maven)
Published May 14, 2024
Tracked Since Feb 18, 2026