Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

2024-05-1415:32:54

CWE-835

GitHub Advisory Database

github.com

bouncy castle

ed25519

verification

infinite loop

crafted signature

public key

6.9 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

Affected configurations

Vulners

Node

github_advisory_databasebouncycastle.cryptographyRange<2.3.1

github_advisory_databasebouncycastleRange<2.3.1

org.bouncycastle\bcpkixMatchjdk14

org.bouncycastle\bcpkixMatchjdk15to18

org.bouncycastle\bcpkixMatchjdk18on

org.bouncycastle\bctlsMatchjdk15to18

org.bouncycastle\bctlsMatchjdk14

org.bouncycastle\bctlsMatchjdk18on

org.bouncycastle\bcprovMatchjdk14

org.bouncycastle\bcprovMatchjdk15to18

org.bouncycastle\bcprovMatchjdk15on

org.bouncycastle\bcprovMatchjdk18on

CPENameOperatorVersion
bouncycastle.cryptographylt2.3.1
bouncycastlelt2.3.1
org.bouncycastle:bcpkix-jdk14lt1.78
org.bouncycastle:bcpkix-jdk15to18lt1.78
org.bouncycastle:bcpkix-jdk18onlt1.78
org.bouncycastle:bctls-jdk15to18lt1.78
org.bouncycastle:bctls-jdk14lt1.78
org.bouncycastle:bctls-jdk18onlt1.78
org.bouncycastle:bcprov-jdk14lt1.78
org.bouncycastle:bcprov-jdk15to18lt1.78

Name	Operator	Version
bouncycastle.cryptography	lt	2.3.1
bouncycastle	lt	2.3.1
org.bouncycastle:bcpkix-jdk14	lt	1.78
org.bouncycastle:bcpkix-jdk15to18	lt	1.78
org.bouncycastle:bcpkix-jdk18on	lt	1.78
org.bouncycastle:bctls-jdk15to18	lt	1.78
org.bouncycastle:bctls-jdk14	lt	1.78
org.bouncycastle:bctls-jdk18on	lt	1.78
org.bouncycastle:bcprov-jdk14	lt	1.78
org.bouncycastle:bcprov-jdk15to18	lt	1.78