Bug 2293028 (CVE-2024-29857) - CVE-2024-29857 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
Summary: CVE-2024-29857 org.bouncycastle: Importing an EC certificate with crafted F2m...
Keywords:
Status: NEW
Alias: CVE-2024-29857
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2293027
TreeView+ depends on / blocked
 
Reported: 2024-06-19 03:36 UTC by Patrick Del Bello
Modified: 2024-09-25 17:11 UTC (History)
78 users (show)

Fixed In Version: BC Java 1.78
Doc Type: ---
Doc Text:
A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:4271 0 None None None 2024-07-02 16:24:08 UTC
Red Hat Product Errata RHSA-2024:4326 0 None None None 2024-07-08 14:13:13 UTC
Red Hat Product Errata RHSA-2024:4505 0 None None None 2024-07-11 12:28:35 UTC
Red Hat Product Errata RHSA-2024:4884 0 None None None 2024-07-25 19:26:42 UTC
Red Hat Product Errata RHSA-2024:5143 0 None None None 2024-08-08 17:23:47 UTC
Red Hat Product Errata RHSA-2024:5144 0 None None None 2024-08-08 17:24:15 UTC
Red Hat Product Errata RHSA-2024:5145 0 None None None 2024-08-08 17:22:30 UTC
Red Hat Product Errata RHSA-2024:5147 0 None None None 2024-08-08 17:25:13 UTC
Red Hat Product Errata RHSA-2024:5479 0 None None None 2024-08-15 20:09:12 UTC
Red Hat Product Errata RHSA-2024:5481 0 None None None 2024-08-15 20:09:30 UTC
Red Hat Product Errata RHSA-2024:5482 0 None None None 2024-08-15 20:07:21 UTC

Description Patrick Del Bello 2024-06-19 03:36:37 UTC
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
https://www.bouncycastle.org/latest_releases.html

Comment 2 errata-xmlrpc 2024-07-02 16:24:04 UTC
This issue has been addressed in the following products:

  Red Hat JBoss AMQ

Via RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271

Comment 3 errata-xmlrpc 2024-07-08 14:13:09 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.8.5

Via RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326

Comment 4 errata-xmlrpc 2024-07-11 12:28:31 UTC
This issue has been addressed in the following products:

  Red Hat Build of Apache Camel 4.4 for Quarkus 3.8

Via RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505

Comment 6 errata-xmlrpc 2024-07-25 19:26:37 UTC
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.4.1 for Spring Boot

Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884

Comment 7 errata-xmlrpc 2024-08-08 17:22:25 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145

Comment 8 errata-xmlrpc 2024-08-08 17:23:43 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143

Comment 9 errata-xmlrpc 2024-08-08 17:24:10 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144

Comment 10 errata-xmlrpc 2024-08-08 17:25:08 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147

Comment 11 errata-xmlrpc 2024-08-15 20:07:16 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482

Comment 12 errata-xmlrpc 2024-08-15 20:09:08 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479

Comment 13 errata-xmlrpc 2024-08-15 20:09:26 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481


Note You need to log in before you can comment on or make changes to this bug.