GHSA-m44j-cfrm-g8qc
GitHub Security Advisory
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
GitHub Reviewed | Severity: MODERATE | Has CVE
Advisory Details
An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. The Ed25519 verification code can enter an infinite loop when given a crafted signature and public key.
Affected Packages
Maven: org.bouncycastle:bcprov-jdk18on. Affected versions: 1.73 (fixed in 1.78)
Maven: org.bouncycastle:bcprov-jdk15to18. Affected versions: 1.73 (fixed in 1.78)
Maven: org.bouncycastle:bcprov-jdk14. Affected versions: 1.73 (fixed in 1.78)
Maven: org.bouncycastle:bctls-jdk18on. Affected versions: 1.73 (fixed in 1.78)
Maven: org.bouncycastle:bctls-jdk14. Affected versions: 1.73 (fixed in 1.78)
Maven: org.bouncycastle:bctls-jdk15to18. Affected versions: 1.73 (fixed in 1.78)
NuGet: BouncyCastle. Affected versions: 0
NuGet: BouncyCastle.Cryptography. Affected versions: 0 (fixed in 2.3.1)
Key Information
5.0/10
Dataset
Last updated: June 13, 2025 6:24 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.