CVE-2024-30172

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

Bouncy Castle 安全漏洞

Bouncy Castle is a collection of APIs used in cryptography organized by Bouncy Castle. It includes APIs for the Java and C programming languages . A security vulnerability exists in the Bouncy Castle Java Cryptography APIs prior to version 1.78, which stems from the Ed25519 captcha infinite loop...

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

CVE-2024-29857

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

CVE-2024-30172

CVE-2024-30172 refers to a vulnerability in Bouncy Castle Java Cryptography APIs prior to 1.78 where an Ed25519 verification path can enter an infinite loop when processing a crafted signature and public key. The connected IBM security bulletin confirms the same CVE-ID and recommends upgrading to...

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

SUSE CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

app.cash.backfila:client-misk (>=2023.12.01.210510-f61f157 <=2025.09.02.174848-7b27340), app.cash.backfila:client-misk-hibernate (>=2023.12.01.210510-f61f157 <=2025.01.16.180443-b0fbc31) +1597 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.72)

org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =4.8.3, =1.4.0, =8.1.0.563, =1.1, =1.0.0, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.7.12 and more Source cves: CVE-2023-3320...

SUSE CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

SUSE CVE-2015-0478

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE...

SUSE CVE-2016-1000340

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed org.bouncycastle.math.raw.Nat???. These classes are used by our custom elliptic curve implementations...