An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.bouncycastle:bcprov-jdk18on(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bcprov-jdk15on(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bcprov-jdk15to18(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bcprov-jdk14(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bctls-jdk18on(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bctls-jdk14(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bctls-jdk15to18(Maven) | 0 | 1.78 | N/A |
| org.bouncycastle:bc-fips(Maven) | 0 | 1.0.2.5 | N/A |
| BouncyCastle(NuGet) | 0 | N/A | N/A |
| BouncyCastle.Cryptography(NuGet) | 0 | 2.3.1 | N/A |
CVSS Metrics
