Description Preview
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Overview
This vulnerability affects Bouncy Castle Java (BC Java) versions before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. It can result in high CPU consumption due to the processing of malicious F2m parameters in EC certificates.
Remediation
To remediate this vulnerability, users are advised to update to the latest patched versions of the affected software:
- Upgrade to Bouncy Castle Java version 1.78 or later.
- Upgrade to Bouncy Castle Java LTS version 2.73.6 or later.
- Upgrade to BC-FJA version 1.0.2.5 or later.
- Upgrade to BC C# .Net version 2.3.1 or later.
References
- Bouncy Castle Latest Releases: https://www.bouncycastle.org/latest_releases.html
- Bouncy Castle Java CVE-2024-29857: https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
- Bouncy Castle C# .Net CVE-2024-29857: https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
- NetApp Security Advisory: https://security.netapp.com/advisory/ntap-20241206-0008/
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing
- Public AdministrationPublic Administration
- Health Care & Social AssistanceHealth Care & Social Assistance
- Transportation & WarehousingTransportation & Warehousing
- Finance and InsuranceFinance and Insurance
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- UtilitiesUtilities
- Retail TradeRetail Trade
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- Educational ServicesEducational Services
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- Other Services (except Public Administration)Other Services (except Public Administration)
- Wholesale TradeWholesale Trade
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- ConstructionConstruction
- InformationInformation
- MiningMining
- Real Estate Rental & LeasingReal Estate Rental & Leasing
