CVE-2024-30172

HIGH

Bouncy Castle <1.78 - Info Disclosure

Title source: llm

Description

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

References (2)

Core 2

Core References

Various Sources

https://www.bouncycastle.org/latest_releases.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240614-0007/

Scores

CVSS v3 7.5

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (8)

nuget/BouncyCastle 0NuGet

nuget/BouncyCastle.Cryptography 0 - 2.3.1NuGet

org.bouncycastle/bcprov-jdk14 1.73 - 1.78Maven

org.bouncycastle/bcprov-jdk15to18 1.73 - 1.78Maven

org.bouncycastle/bcprov-jdk18on 1.73 - 1.78Maven

org.bouncycastle/bctls-jdk14 1.73 - 1.78Maven

org.bouncycastle/bctls-jdk15to18 1.73 - 1.78Maven

org.bouncycastle/bctls-jdk18on 1.73 - 1.78Maven

Published May 14, 2024

Tracked Since Feb 18, 2026