CVE-2024-30172
Ed25519 verification code infinite loop vulnerability in bcprov-jdk18on (Maven)
What is CVE-2024-30172 About?
Bouncy Castle Java Cryptography APIs versions 1.73 through 1.77 contain an infinite loop in the Ed25519 verification code. A crafted signature and public key can trigger an endless loop during verification, leading to a denial of service. Exploitation is plausible for an attacker who can supply both inputs to a verifier.
Affected Software
- org.bouncycastle:bcprov-jdk18on
  - >1.73, <1.78
- org.bouncycastle:bcprov-jdk15to18
  - >1.73, <1.78
- org.bouncycastle:bcprov-jdk14
  - >1.73, <1.78
- org.bouncycastle:bctls-jdk18on
  - >1.73, <1.78
- org.bouncycastle:bctls-jdk14
  - >1.73, <1.78
- org.bouncycastle:bctls-jdk15to18
  - >1.73, <1.78
- BouncyCastle.Cryptography
  - <2.3.1
Technical Details
The vulnerability in Bouncy Castle Java Cryptography APIs (versions 1.73-1.77) is an infinite loop in the Ed25519 verification code. It occurs when the Ed25519 signature verification algorithm receives a specially crafted combination of a signature and a public key. Instead of validating or rejecting the input, the internal verification logic enters an infinite loop and never terminates. The loop consumes CPU indefinitely, which prevents the application from performing other tasks and results in a denial-of-service condition for any process that attempts to verify such a signature.
What is the Impact of CVE-2024-30172?
Successful exploitation may allow attackers to cause a denial-of-service condition by triggering an infinite loop during signature verification, making the affected application unresponsive.
What is the Exploitability of CVE-2024-30172?
Exploitation of this vulnerability requires an attacker to be able to supply a crafted Ed25519 signature and public key to an application using the vulnerable Bouncy Castle API. The complexity is moderate, as it involves crafting a cryptographically malformed input that specifically triggers the infinite loop. This is typically a remote attack vector if the application exposes an endpoint that verifies Ed25519 signatures from untrusted sources. There are no specific authentication or privilege requirements beyond the ability to submit the malicious signature and public key for verification. The risk is significantly increased in applications that commonly verify untrusted Ed25519 signatures, such as in secure communication protocols or digital certificate validation.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-30172?
Available Upgrade Options
- org.bouncycastle:bcprov-jdk14
  - >1.73, <1.78 → Upgrade to 1.78
- org.bouncycastle:bcprov-jdk15to18
  - >1.73, <1.78 → Upgrade to 1.78
- org.bouncycastle:bctls-jdk14
  - >1.73, <1.78 → Upgrade to 1.78
- org.bouncycastle:bcprov-jdk18on
  - >1.73, <1.78 → Upgrade to 1.78
- org.bouncycastle:bctls-jdk18on
  - >1.73, <1.78 → Upgrade to 1.78
- org.bouncycastle:bctls-jdk15to18
  - >1.73, <1.78 → Upgrade to 1.78
- BouncyCastle.Cryptography
  - <2.3.1 → Upgrade to 2.3.1
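One way to check a build against the Maven ranges listed above (an added example, not code from Bouncy Castle or from this advisory): the script scans `mvn dependency:tree` output for the artifacts named on this page. The sample tree is constructed, and the lower bound is treated as inclusive, an assumption that follows the description's "1.73 through 1.77" rather than the ">1.73" in the list.

```python
import re

# Maven artifacts named in this page's affected-software list.
AFFECTED_ARTIFACTS = {
    "bcprov-jdk18on", "bcprov-jdk15to18", "bcprov-jdk14",
    "bctls-jdk18on", "bctls-jdk15to18", "bctls-jdk14",
}
FIRST_AFFECTED = (1, 73)  # assumption: inclusive, per "1.73 through 1.77"
FIRST_FIXED = (1, 78)     # upgrade target given on this page


def parse_version(text):
    """Turn '1.76' or '1.78.1' into a comparable tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def find_affected(tree_output):
    """Return (artifact, version) pairs that fall in the affected range."""
    hits = []
    for line in tree_output.splitlines():
        m = re.search(r"org\.bouncycastle:\S+", line)
        if not m:
            continue
        parts = m.group(0).split(":")
        if len(parts) < 4 or parts[1] not in AFFECTED_ARTIFACTS:
            continue
        # group:artifact:type:version[:scope], or with a classifier:
        # group:artifact:type:classifier:version:scope
        version_text = parts[4] if len(parts) == 6 else parts[3]
        version = parse_version(version_text)
        if version and FIRST_AFFECTED <= version < FIRST_FIXED:
            hits.append((parts[1], version_text))
    return hits


# Constructed sample of `mvn dependency:tree` output.
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:1.0.0
[INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.76:compile
[INFO] +- org.bouncycastle:bctls-jdk18on:jar:1.78:compile
[INFO] |  \\- org.bouncycastle:bcutil-jdk18on:jar:1.76:compile
[INFO] \\- org.bouncycastle:bcprov-jdk15to18:jar:1.73:runtime
"""

if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE_TREE):
        print(f"AFFECTED {artifact} {version}: upgrade to 1.78")
```

Artifacts the page does not list, such as the `bcutil-jdk18on` line in the sample, are deliberately not flagged.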
Additional Resources
- https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
- https://www.bouncycastle.org/latest_releases.html
- https://security.netapp.com/advisory/ntap-20240614-0007/
- https://osv.dev/vulnerability/GHSA-m44j-cfrm-g8qc
- https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
- https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
- https://nvd.nist.gov/vuln/detail/CVE-2024-30172
- https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
What are Similar Vulnerabilities to CVE-2024-30172?
Similar Vulnerabilities: CVE-2023-45811, CVE-2023-45731, CVE-2023-38148, CVE-2023-37905, CVE-2023-35804
