Skip to main content

Out-of-bounds Read in BouncyCastle

CVE-2024-29857

  • BouncyCastle
  • BouncyCastle.Core
  • BouncyCastle.CoreClr
  • BouncyCastle.Crypto.1.8.6
  • BouncyCastle.Crypto
  • BouncyCastle.Crypto.dll
  • BouncyCastle.Cryptoe
  • BouncyCastle.Cryptography
  • BouncyCastle.Crypto.NetCore
  • BouncyCastle.Diffie-hellman
  • BouncyCastle.NetCore
  • BouncyCastle.NetCoreSdk
  • BouncyCastle.NetFramework
  • BouncyCastle.OpenPgp
  • BouncyCastle.OpenPGP
  • BouncyCastle.zzBit
  • org.bouncycastle:bc-fips
  • org.bouncycastle:bc-fips-debug
  • org.bouncycastle:bcprov-debug-jdk14
  • org.bouncycastle:bcprov-debug-jdk15on
  • org.bouncycastle:bcprov-debug-jdk18on
  • org.bouncycastle:bcprov-debug-jdk15to18
  • org.bouncycastle:bcprov-ext-debug-jdk14
  • org.bouncycastle:bcprov-ext-debug-jdk15on
  • org.bouncycastle:bcprov-ext-debug-jdk18on
  • org.bouncycastle:bcprov-ext-debug-jdk15to18
  • org.bouncycastle:bcprov-ext-jdk14
  • org.bouncycastle:bcprov-ext-jdk15on
  • org.bouncycastle:bcprov-ext-jdk18on
  • org.bouncycastle.bcprov-ext-jdk15on.1.57.org.bouncycastle:bcprov-ext-jdk15on
  • org.bouncycastle:bcprov-ext-jdk15to18
  • org.bouncycastle:bcprov-jdk14
  • org.bouncycastle:bcprov-jdk15+
  • org.bouncycastle:bcprov-jdk15
  • org.bouncycastle:bcprov-jdk16
  • org.bouncycastle:bcprov-jdk15on
  • org.bouncycastle:bcprov-jdk18on
  • org.bouncycastle.bcprov-jdk15on.1.57.org.bouncycastle:bcprov-jdk15on
  • org.bouncycastle:bcprov-jdk15to18
  • org.bouncycastle:bcprov-lts8on
Medium
5.3/10

Summary

An issue was discovered in "ECCurve.java" and "ECCurve.cs" in Bouncy Castle Java (BC Java) versions prior to 1.78, BC Java LTS versions prior to 2.73.6, BC-FJA versions prior to 1.0.2.5, and BC C#. Net versions prior to 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • LOW

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

References

Advisory Timeline

  • Published