mirrored from https://www.bouncycastle.org/repositories/bc-java
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
CVE‐2024‐30172
David Hook edited this page May 11, 2024
·
2 revisions
Issue affecting: BC Java 1.77 and earlier. BC Java (LTS) 2.73.5 and earlier. BC C# .NET 2.3.0 and earlier.
Fixed versions: BC Java 1.78. BC Java (LTS) 2.73.6. BC C# .NET 2.3.1
Platform affected: All JVMs. All CLRs.
Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
Fix Commit:
Java https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
C# .NET https://github.com/bcgit/bc-csharp/commit/1e96ddd13bf69786c1b8a0a2f826059c26047a41