Bug 2293025 (CVE-2024-30172) - CVE-2024-30172 org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class
Summary: CVE-2024-30172 org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 veri...
Keywords:
Status: NEW
Alias: CVE-2024-30172
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-06-19 02:58 UTC by Avinash Hanwate
Modified: 2024-08-15 20:09 UTC (History)
75 users (show)

Fixed In Version: org.bouncycastle-bcprov-jdk18on 1.78
Doc Type: ---
Doc Text:
A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:4271 0 None None None 2024-07-02 16:24:07 UTC
Red Hat Product Errata RHSA-2024:4326 0 None None None 2024-07-08 14:13:03 UTC
Red Hat Product Errata RHSA-2024:4505 0 None None None 2024-07-11 12:28:30 UTC
Red Hat Product Errata RHSA-2024:4884 0 None None None 2024-07-25 19:26:39 UTC
Red Hat Product Errata RHSA-2024:5143 0 None None None 2024-08-08 17:23:40 UTC
Red Hat Product Errata RHSA-2024:5144 0 None None None 2024-08-08 17:24:12 UTC
Red Hat Product Errata RHSA-2024:5145 0 None None None 2024-08-08 17:22:29 UTC
Red Hat Product Errata RHSA-2024:5147 0 None None None 2024-08-08 17:25:11 UTC
Red Hat Product Errata RHSA-2024:5479 0 None None None 2024-08-15 20:09:01 UTC
Red Hat Product Errata RHSA-2024:5481 0 None None None 2024-08-15 20:09:26 UTC
Red Hat Product Errata RHSA-2024:5482 0 None None None 2024-08-15 20:07:18 UTC

Description Avinash Hanwate 2024-06-19 02:58:03 UTC
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

https://security.netapp.com/advisory/ntap-20240614-0007/
https://www.bouncycastle.org/latest_releases.html

Comment 2 errata-xmlrpc 2024-07-02 16:24:03 UTC
This issue has been addressed in the following products:

  Red Hat JBoss AMQ

Via RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271

Comment 3 errata-xmlrpc 2024-07-08 14:12:58 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.8.5

Via RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326

Comment 4 errata-xmlrpc 2024-07-11 12:28:24 UTC
This issue has been addressed in the following products:

  Red Hat Build of Apache Camel 4.4 for Quarkus 3.8

Via RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505

Comment 6 errata-xmlrpc 2024-07-25 19:26:35 UTC
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.4.1 for Spring Boot

Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884

Comment 7 errata-xmlrpc 2024-08-08 17:22:24 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145

Comment 8 errata-xmlrpc 2024-08-08 17:23:35 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143

Comment 9 errata-xmlrpc 2024-08-08 17:24:08 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144

Comment 10 errata-xmlrpc 2024-08-08 17:25:07 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147

Comment 11 errata-xmlrpc 2024-08-15 20:07:14 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482

Comment 12 errata-xmlrpc 2024-08-15 20:08:57 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479

Comment 13 errata-xmlrpc 2024-08-15 20:09:21 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481


Note You need to log in before you can comment on or make changes to this bug.