5 matches found
EUVD-2024-1533
Malicious code in bioql PyPI...
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...
The vulnerabilities in the files ECCurve.java and ECCurve.cs of the EC module verification library in the Math library of Bouncy Castle Crypto Package For Java (BC Java), Bouncy Castle Java Long Term Stable (LTS) (BC-LJA), Bouncy Castle FIPS Java API (BC-FJA), and Bouncy Castle Cryptography Library For .NET allow a hacker to cause a service failure.
The vulnerabilities of the ECCurve.java and ECCurve.cs files from the Math key verification library of the EC module in the Bouncy Castle Crypto Package for Java BC Java, Bouncy Castle Java Long Term Stable LTS BC-LJA, Bouncy Castle FIPS Java API BC-FJA, and Bouncy Castle Cryptography Library For...
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...
Allocation of Resources Without Limits or Throttling
Overview BouncyCastle is a C implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the solveQuadraticEquation function used for certificate verification in ECCurve.java. Passing a large f2m parameter...