CVE-2024-30172

org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

Description

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

INFO

Published Date :

2024-05-09T00:00:00.000Z

Last Modified :

2024-11-05T17:15:29.205Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2024-30172 vulnerability.

Vendors	Products
Bouncycastle	Legion-of-the-bouncy-castle-java-crytography-api
Redhat	Amq Broker Apache Camel Spring Boot Camel Quarkus Jboss Enterprise Application Platform Quarkus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-30172.

URL	Resource
https://nvd.nist.gov/vuln/detail/CVE-2024-30172
https://security.netapp.com/advisory/ntap-20240614-0007/
https://www.bouncycastle.org/latest_releases.html
https://www.cve.org/CVERecord?id=CVE-2024-30172

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact