GHSA-8xfc-gm6g-vgpv
GitHub Security Advisory
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Affected Packages
Maven
org.bouncycastle:bcprov-jdk18on
Affected versions:
0
(fixed in 1.78)
Maven
org.bouncycastle:bcprov-jdk15on
Affected versions:
0
(fixed in 1.78)
Maven
org.bouncycastle:bcprov-jdk15to18
Affected versions:
0
(fixed in 1.78)
Maven
org.bouncycastle:bcprov-jdk14
Affected versions:
0
(fixed in 1.78)
Maven
org.bouncycastle:bctls-jdk18on
Affected versions:
0
(fixed in 1.78)
Maven
org.bouncycastle:bctls-jdk14
Affected versions:
0
(fixed in 1.78)
Maven
org.bouncycastle:bctls-jdk15to18
Affected versions:
0
(fixed in 1.78)
Maven
org.bouncycastle:bc-fips
Affected versions:
0
(fixed in 1.0.2.5)
NuGet
BouncyCastle
Affected versions:
0
NuGet
BouncyCastle.Cryptography
Affected versions:
0
(fixed in 2.3.1)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: September 20, 2025 6:29 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.