High severity7.5GHSA Advisory· Published May 14, 2024· Updated Apr 15, 2026
CVE-2024-29857
CVE-2024-29857
Description
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.bouncycastle:bcprov-jdk18onMaven | < 1.78 | 1.78 |
org.bouncycastle:bcprov-jdk15onMaven | < 1.78 | 1.78 |
org.bouncycastle:bcprov-jdk15to18Maven | < 1.78 | 1.78 |
org.bouncycastle:bcprov-jdk14Maven | < 1.78 | 1.78 |
org.bouncycastle:bctls-jdk18onMaven | < 1.78 | 1.78 |
org.bouncycastle:bctls-jdk14Maven | < 1.78 | 1.78 |
org.bouncycastle:bctls-jdk15to18Maven | < 1.78 | 1.78 |
org.bouncycastle:bc-fipsMaven | < 1.0.2.5 | 1.0.2.5 |
BouncyCastleNuGet | >= 0 | — |
BouncyCastle.CryptographyNuGet | < 2.3.1 | 2.3.1 |
Affected products
198- Range: < 2.3.1
- osv-coords197 versionspkg:apk/chainguard/apache-nifipkg:apk/chainguard/bouncycastle-fipspkg:apk/chainguard/druidpkg:apk/chainguard/elasticsearch-7pkg:apk/chainguard/elasticsearch-7-bitnamipkg:apk/chainguard/elasticsearch-7-iamguardedpkg:apk/chainguard/elasticsearch-8pkg:apk/chainguard/elasticsearch-8-bitnamipkg:apk/chainguard/elasticsearch-8-configpkg:apk/chainguard/elasticsearch-8-iamguardedpkg:apk/chainguard/elasticsearch-configpkg:apk/chainguard/elasticsearch-fips-8pkg:apk/chainguard/elasticsearch-fips-8-configpkg:apk/chainguard/gradle-8pkg:apk/chainguard/hivepkg:apk/chainguard/hive-compatpkg:apk/chainguard/jruby-9.4pkg:apk/chainguard/jruby-9.4-default-rubypkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-bitnami-fipspkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-fipspkg:apk/chainguard/keycloak-fips-bitnami-compatpkg:apk/chainguard/keycloak-fips-policy-140-2pkg:apk/chainguard/keycloak-fips-policy-140-3pkg:apk/chainguard/keycloak-iamguarded-compatpkg:apk/chainguard/keycloak-iamguarded-fipspkg:apk/chainguard/keycloak-operatorpkg:apk/chainguard/keycloak-operator-compatpkg:apk/chainguard/logstashpkg:apk/chainguard/logstash-compatpkg:apk/chainguard/logstash-env2yamlpkg:apk/chainguard/logstash-jre-bcfipspkg:apk/chainguard/logstash-with-output-opensearchpkg:apk/chainguard/opensearch-2pkg:apk/chainguard/opensearch-2-alertingpkg:apk/chainguard/opensearch-2-analysis-icupkg:apk/chainguard/opensearch-2-analysis-kuromojipkg:apk/chainguard/opensearch-2-analysis-noripkg:apk/chainguard/opensearch-2-analysis-phoneticpkg:apk/chainguard/opensearch-2-analysis-smartcnpkg:apk/chainguard/opensearch-2-analysis-stempelpkg:apk/chainguard/opensearch-2-analysis-ukrainianpkg:apk/chainguard/opensearch-2-anomaly-detectionpkg:apk/chainguard/opensearch-2-asynchronous-searchpkg:apk/chainguard/opensearch-2-cross-cluster-replicationpkg:apk/chainguard/opensearch-2-crypto-kmspkg:apk/chainguard/opensearch-2-custom-codecspkg:apk/chainguard/opensearch-2-discovery-azure-classicpkg:apk/chainguard/opensearch-2-discovery-ec2pkg:apk/chainguard/opensearch-2-discovery-gcepkg:apk/chainguard/opensearch-2-entrypoint-compatpkg:apk/chainguard/opensearch-2-geospatialpkg:apk/chainguard/opensearch-2-identity-shiropkg:apk/chainguard/opensearch-2-index-managementpkg:apk/chainguard/opensearch-2-ingest-attachmentpkg:apk/chainguard/opensearch-2-job-schedulerpkg:apk/chainguard/opensearch-2-jre-bcfipspkg:apk/chainguard/opensearch-2-jre-bcfips-alertingpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-icupkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-kuromojipkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-noripkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-phoneticpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-smartcnpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-stempelpkg:apk/chainguard/opensearch-2-jre-bcfips-analysis-ukrainianpkg:apk/chainguard/opensearch-2-jre-bcfips-anomaly-detectionpkg:apk/chainguard/opensearch-2-jre-bcfips-asynchronous-searchpkg:apk/chainguard/opensearch-2-jre-bcfips-cross-cluster-replicationpkg:apk/chainguard/opensearch-2-jre-bcfips-crypto-kmspkg:apk/chainguard/opensearch-2-jre-bcfips-custom-codecspkg:apk/chainguard/opensearch-2-jre-bcfips-discovery-azure-classicpkg:apk/chainguard/opensearch-2-jre-bcfips-discovery-ec2pkg:apk/chainguard/opensearch-2-jre-bcfips-discovery-gcepkg:apk/chainguard/opensearch-2-jre-bcfips-geospatialpkg:apk/chainguard/opensearch-2-jre-bcfips-identity-shiropkg:apk/chainguard/opensearch-2-jre-bcfips-index-managementpkg:apk/chainguard/opensearch-2-jre-bcfips-ingest-attachmentpkg:apk/chainguard/opensearch-2-jre-bcfips-job-schedulerpkg:apk/chainguard/opensearch-2-jre-bcfips-k-nnpkg:apk/chainguard/opensearch-2-jre-bcfips-mapper-annotated-textpkg:apk/chainguard/opensearch-2-jre-bcfips-mapper-murmur3pkg:apk/chainguard/opensearch-2-jre-bcfips-mapper-sizepkg:apk/chainguard/opensearch-2-jre-bcfips-ml-commonspkg:apk/chainguard/opensearch-2-jre-bcfips-neural-searchpkg:apk/chainguard/opensearch-2-jre-bcfips-notificationspkg:apk/chainguard/opensearch-2-jre-bcfips-observabilitypkg:apk/chainguard/opensearch-2-jre-bcfips-performance-analyzerpkg:apk/chainguard/opensearch-2-jre-bcfips-reportingpkg:apk/chainguard/opensearch-2-jre-bcfips-repository-azurepkg:apk/chainguard/opensearch-2-jre-bcfips-repository-gcspkg:apk/chainguard/opensearch-2-jre-bcfips-repository-s3pkg:apk/chainguard/opensearch-2-jre-bcfips-securitypkg:apk/chainguard/opensearch-2-jre-bcfips-security-analyticspkg:apk/chainguard/opensearch-2-jre-bcfips-sqlpkg:apk/chainguard/opensearch-2-jre-bcfips-store-smbpkg:apk/chainguard/opensearch-2-jre-bcfips-telemetry-otelpkg:apk/chainguard/opensearch-2-jre-bcfips-transport-niopkg:apk/chainguard/opensearch-2-k-nnpkg:apk/chainguard/opensearch-2-mapper-annotated-textpkg:apk/chainguard/opensearch-2-mapper-murmur3pkg:apk/chainguard/opensearch-2-mapper-sizepkg:apk/chainguard/opensearch-2-ml-commonspkg:apk/chainguard/opensearch-2-neural-searchpkg:apk/chainguard/opensearch-2-notificationspkg:apk/chainguard/opensearch-2-observabilitypkg:apk/chainguard/opensearch-2-performance-analyzerpkg:apk/chainguard/opensearch-2-reportingpkg:apk/chainguard/opensearch-2-repository-azurepkg:apk/chainguard/opensearch-2-repository-gcspkg:apk/chainguard/opensearch-2-repository-s3pkg:apk/chainguard/opensearch-2-securitypkg:apk/chainguard/opensearch-2-security-analyticspkg:apk/chainguard/opensearch-2-sqlpkg:apk/chainguard/opensearch-2-store-smbpkg:apk/chainguard/opensearch-2-telemetry-otelpkg:apk/chainguard/opensearch-2-transport-niopkg:apk/chainguard/ruby3.2-bouncy-castle-javapkg:apk/chainguard/ruby3.3-bouncy-castle-javapkg:apk/chainguard/sonarqube-10pkg:apk/chainguard/sonarqube-10-docker-compatpkg:apk/chainguard/sonarqube-10-scriptspkg:apk/chainguard/tezpkg:apk/wolfi/druidpkg:apk/wolfi/gradle-8pkg:apk/wolfi/jruby-9.4pkg:apk/wolfi/jruby-9.4-default-rubypkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/keycloak-iamguarded-compatpkg:apk/wolfi/keycloak-operatorpkg:apk/wolfi/keycloak-operator-compatpkg:apk/wolfi/logstashpkg:apk/wolfi/logstash-compatpkg:apk/wolfi/logstash-env2yamlpkg:apk/wolfi/logstash-with-output-opensearchpkg:apk/wolfi/opensearch-2pkg:apk/wolfi/opensearch-2-alertingpkg:apk/wolfi/opensearch-2-analysis-icupkg:apk/wolfi/opensearch-2-analysis-kuromojipkg:apk/wolfi/opensearch-2-analysis-noripkg:apk/wolfi/opensearch-2-analysis-phoneticpkg:apk/wolfi/opensearch-2-analysis-smartcnpkg:apk/wolfi/opensearch-2-analysis-stempelpkg:apk/wolfi/opensearch-2-analysis-ukrainianpkg:apk/wolfi/opensearch-2-anomaly-detectionpkg:apk/wolfi/opensearch-2-asynchronous-searchpkg:apk/wolfi/opensearch-2-cross-cluster-replicationpkg:apk/wolfi/opensearch-2-crypto-kmspkg:apk/wolfi/opensearch-2-custom-codecspkg:apk/wolfi/opensearch-2-discovery-azure-classicpkg:apk/wolfi/opensearch-2-discovery-ec2pkg:apk/wolfi/opensearch-2-discovery-gcepkg:apk/wolfi/opensearch-2-geospatialpkg:apk/wolfi/opensearch-2-identity-shiropkg:apk/wolfi/opensearch-2-index-managementpkg:apk/wolfi/opensearch-2-ingest-attachmentpkg:apk/wolfi/opensearch-2-job-schedulerpkg:apk/wolfi/opensearch-2-k-nnpkg:apk/wolfi/opensearch-2-mapper-annotated-textpkg:apk/wolfi/opensearch-2-mapper-murmur3pkg:apk/wolfi/opensearch-2-mapper-sizepkg:apk/wolfi/opensearch-2-ml-commonspkg:apk/wolfi/opensearch-2-neural-searchpkg:apk/wolfi/opensearch-2-notificationspkg:apk/wolfi/opensearch-2-observabilitypkg:apk/wolfi/opensearch-2-performance-analyzerpkg:apk/wolfi/opensearch-2-reportingpkg:apk/wolfi/opensearch-2-repository-azurepkg:apk/wolfi/opensearch-2-repository-gcspkg:apk/wolfi/opensearch-2-repository-s3pkg:apk/wolfi/opensearch-2-securitypkg:apk/wolfi/opensearch-2-security-analyticspkg:apk/wolfi/opensearch-2-sqlpkg:apk/wolfi/opensearch-2-store-smbpkg:apk/wolfi/opensearch-2-telemetry-otelpkg:apk/wolfi/opensearch-2-transport-niopkg:apk/wolfi/ruby3.2-bouncy-castle-javapkg:apk/wolfi/ruby3.3-bouncy-castle-javapkg:apk/wolfi/sonarqube-10pkg:apk/wolfi/sonarqube-10-docker-compatpkg:apk/wolfi/sonarqube-10-scriptspkg:apk/wolfi/tezpkg:maven/org.bouncycastle/bc-fipspkg:maven/org.bouncycastle/bcprov-jdk14pkg:maven/org.bouncycastle/bcprov-jdk15onpkg:maven/org.bouncycastle/bcprov-jdk15to18pkg:maven/org.bouncycastle/bcprov-jdk18onpkg:maven/org.bouncycastle/bctls-jdk14pkg:maven/org.bouncycastle/bctls-jdk15to18pkg:maven/org.bouncycastle/bctls-jdk18onpkg:nuget/bouncycastlepkg:nuget/bouncycastle.cryptographypkg:rpm/opensuse/bouncycastle&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/itextpdf&distro=openSUSE%20Tumbleweed
< 1.26.0-r2+ 196 more
- (no CPE)range: < 1.26.0-r2
- (no CPE)range: < 2.0.0-r0
- (no CPE)range: < 37.0.0-r8
- (no CPE)range: < 7.17.22-r0
- (no CPE)range: < 7.17.22-r0
- (no CPE)range: < 7.17.22-r0
- (no CPE)range: < 8.13.4-r1
- (no CPE)range: < 8.13.4-r1
- (no CPE)range: < 8.13.4-r1
- (no CPE)range: < 8.13.4-r1
- (no CPE)range: < 8.13.4-r1
- (no CPE)range: < 8.13.4-r1
- (no CPE)range: < 8.13.4-r1
- (no CPE)range: < 8.7.0-r4
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 9.4.8.0-r0
- (no CPE)range: < 9.4.8.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 24.0.4-r2
- (no CPE)range: < 24.0.4-r2
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 8.13.4-r0
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 1.5.0146.1-r4
- (no CPE)range: < 1.5.0146.1-r1
- (no CPE)range: < 25.2.0.102705-r0
- (no CPE)range: < 25.2.0.102705-r0
- (no CPE)range: < 25.2.0.102705-r0
- (no CPE)range: < 0.10.4-r6
- (no CPE)range: < 37.0.0-r8
- (no CPE)range: < 8.7.0-r4
- (no CPE)range: < 9.4.8.0-r0
- (no CPE)range: < 9.4.8.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 25.0.0-r0
- (no CPE)range: < 24.0.4-r2
- (no CPE)range: < 24.0.4-r2
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 8.15.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 1.5.0146.1-r4
- (no CPE)range: < 1.5.0146.1-r1
- (no CPE)range: < 25.2.0.102705-r0
- (no CPE)range: < 25.2.0.102705-r0
- (no CPE)range: < 25.2.0.102705-r0
- (no CPE)range: < 0.10.4-r6
- (no CPE)range: < 1.0.2.5
- (no CPE)range: < 1.78
- (no CPE)range: < 1.78
- (no CPE)range: < 1.78
- (no CPE)range: < 1.78
- (no CPE)range: < 1.78
- (no CPE)range: < 1.78
- (no CPE)range: < 1.78
- (no CPE)range: >= 0
- (no CPE)range: < 2.3.1
- (no CPE)range: < 1.78.1-1.1
- (no CPE)range: < 5.5.13.4-1.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-8xfc-gm6g-vgpvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-29857ghsaADVISORY
- github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63ghsaWEB
- github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501fghsaWEB
- github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281ghsaWEB
- security.netapp.com/advisory/ntap-20241206-0008ghsaWEB
- www.bouncycastle.org/latest_releases.htmlnvdWEB
- security.netapp.com/advisory/ntap-20241206-0008/nvd
News mentions
0No linked articles in our index yet.