CVE-2024-29857

May 14, 2024, 4:13 p.m.

Tags

cve@mitre.org
2024-05-14
CVE-2024-29857

Product(s) Impacted

Bouncy Castle Java (BC Java)

  • before 1.78
  • BC Java LTS before 2.73.6

BC-FJA

  • before 1.0.2.5

BC C# .Net

  • before 2.3.1

Description

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

Weaknesses

Date

Published: May 14, 2024, 3:17 p.m.

Last Modified: May 14, 2024, 4:13 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References

https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
cve@mitre.org
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
cve@mitre.org
https://www.bouncycastle.org/latest_releases.html
cve@mitre.org