2293028 – (CVE-2024-29857) CVE-2024-29857 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

Bug 2293028 (CVE-2024-29857) - CVE-2024-29857 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

Summary: CVE-2024-29857 org.bouncycastle: Importing an EC certificate with crafted F2m...

Keywords:
Status:	NEW
Alias:	CVE-2024-29857
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2293027
TreeView+	depends on / blocked

Reported:	2024-06-19 03:36 UTC by Patrick Del Bello
Modified:	2025-02-26 12:45 UTC (History)
CC List:	81 users (show)
Fixed In Version:	BC Java 1.78
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:4271	None	None	None	2024-07-02 16:24:08 UTC
Red Hat Product Errata	RHSA-2024:4326	None	None	None	2024-07-08 14:13:13 UTC
Red Hat Product Errata	RHSA-2024:4505	None	None	None	2024-07-11 12:28:35 UTC
Red Hat Product Errata	RHSA-2024:4884	None	None	None	2024-07-25 19:26:42 UTC
Red Hat Product Errata	RHSA-2024:5143	None	None	None	2024-08-08 17:23:47 UTC
Red Hat Product Errata	RHSA-2024:5144	None	None	None	2024-08-08 17:24:15 UTC
Red Hat Product Errata	RHSA-2024:5145	None	None	None	2024-08-08 17:22:30 UTC
Red Hat Product Errata	RHSA-2024:5147	None	None	None	2024-08-08 17:25:13 UTC
Red Hat Product Errata	RHSA-2024:5479	None	None	None	2024-08-15 20:09:12 UTC
Red Hat Product Errata	RHSA-2024:5481	None	None	None	2024-08-15 20:09:30 UTC
Red Hat Product Errata	RHSA-2024:5482	None	None	None	2024-08-15 20:07:21 UTC

Description Patrick Del Bello 2024-06-19 03:36:37 UTC

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
https://www.bouncycastle.org/latest_releases.html

Comment 2 errata-xmlrpc 2024-07-02 16:24:04 UTC

This issue has been addressed in the following products:

  Red Hat JBoss AMQ

Via RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271

Comment 3 errata-xmlrpc 2024-07-08 14:13:09 UTC

This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.8.5

Via RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326

Comment 4 errata-xmlrpc 2024-07-11 12:28:31 UTC

This issue has been addressed in the following products:

  Red Hat Build of Apache Camel 4.4 for Quarkus 3.8

Via RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505

Comment 6 errata-xmlrpc 2024-07-25 19:26:37 UTC

This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.4.1 for Spring Boot

Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884

Comment 7 errata-xmlrpc 2024-08-08 17:22:25 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145

Comment 8 errata-xmlrpc 2024-08-08 17:23:43 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143

Comment 9 errata-xmlrpc 2024-08-08 17:24:10 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144

Comment 10 errata-xmlrpc 2024-08-08 17:25:08 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147

Comment 11 errata-xmlrpc 2024-08-15 20:07:16 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482

Comment 12 errata-xmlrpc 2024-08-15 20:09:08 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479

Comment 13 errata-xmlrpc 2024-08-15 20:09:26 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481

Note You need to log in before you can comment on or make changes to this bug.

aazores
anstephe
arnavarr
asoldano
ataylor
avibelli
bbaranow
bgeorges
bmaxwell
boliveir
brian.stansberry
cdewolf
chazlett
chfoley
clement.escoffier
cmah
dandread
darran.lofthouse
dkreling
dosoudil
dpalmer
drichtar
eaguilar
ebaron
fjuma
fmariani
fmongiar
gmalinko
gsmet
hamadhan
istudens
ivassile
iweiss
janstey
jkang
jkoops
jmartisk
jnethert
jolong
jpallich
jpoth
jross
jscholz
lgao
lthon
manderse
max.andersen
mosmerov
msochure
mstefank
msvehla
mulliken
nwallace
olubyans
pdelbell
pdrozd
peholase
pesilva
pgallagh
pjindal
pmackay
probinso
pskopek
rkieley
rmartinc
rowaters
rruss
rstancel
rstepani
rsvoboda
sausingh
sbiarozk
sdouglas
sfroberg
smaestri
sthorger
swoodman
tcunning
tom.jenkinson
tqvarnst
yfang