We found results for “”
CVE-2024-29857
Good to know:
Date: May 9, 2024
An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Language: C#
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-400Top Fix
Upgrade Version
Upgrade to version org.bouncycastle:bcprov-jdk15to18:1.78, org.bouncycastle:bcprov-jdk18on:1.78, BouncyCastle.Cryptography - 2.3.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |