Bouncy Castle is vulnerable to an infinite loop. The vulnerability is due to insufficient verification of signatures and public keys during Ed25519 verification, allowing attackers to trigger a denial of service (DoS) due to the infinite loop.
github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
github.com/bcgit/bc-java/issues/1599
security.netapp.com/advisory/ntap-20240614-0007/
www.bouncycastle.org/latest_releases.html
www.bouncycastle.org/releasenotes.html#:~:text=exception%20processing%20eliminated.-,CVE%2D2024%2D30172,-%2D%20Crafted%20signature%20and