Bug 2293025 (CVE-2024-30172)
| Summary: | CVE-2024-30172 org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aazores, anstephe, arnavarr, asoldano, ataylor, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, chfoley, clement.escoffier, cmah, dandread, darran.lofthouse, dkreling, dosoudil, dpalmer, drichtar, eaguilar, ebaron, fjuma, fmariani, fmongiar, gmalinko, gsmet, hamadhan, istudens, ivassile, iweiss, janstey, jkang, jkoops, jmartisk, jnethert, jolong, jpallich, jpoth, jross, jscholz, lgao, lthon, manderse, max.andersen, mosmerov, msochure, mstefank, msvehla, mulliken, nwallace, olubyans, pdelbell, pdrozd, peholase, pesilva, pgallagh, pjindal, pmackay, probinso, pskopek, rkieley, rmartinc, rowaters, rruss, rstancel, rstepani, rsvoboda, sausingh, sbiarozk, sfroberg, smaestri, sthorger, swoodman, tcunning, tom.jenkinson, tqvarnst, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | org.bouncycastle-bcprov-jdk18on 1.78 | Doc Type: | --- |
| Doc Text: |
A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Avinash Hanwate
2024-06-19 02:58:03 UTC
This issue has been addressed in the following products: Red Hat JBoss AMQ Via RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271 This issue has been addressed in the following products: Red Hat build of Quarkus 3.8.5 Via RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326 This issue has been addressed in the following products: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 Via RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505 This issue has been addressed in the following products: Red Hat build of Apache Camel 4.4.1 for Spring Boot Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Via RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Via RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481 |