Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.bouncycastle/bc-fips@1.0.2.4
purl pkg:maven/org.bouncycastle/bc-fips@1.0.2.4
Next non-vulnerable version 1.0.2.5
Latest non-vulnerable version 2.1.2
Risk 3.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-4rs8-tp92-p7ck
Aliases:
CVE-2024-29857
GHSA-8xfc-gm6g-vgpv
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
1.0.2.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-g87j-yupf-tybu Garbage collection issue in BC-FJA in Java 13 and later An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11. CVE-2022-45146
GHSA-68m8-v89j-7j2p

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:57:58.729459+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml 38.4.0
2026-04-16T22:16:04.100738+00:00 GitLab Importer Fixing VCID-g87j-yupf-tybu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml 38.4.0
2026-04-12T00:16:03.809477+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml 38.3.0
2026-04-11T23:33:20.025850+00:00 GitLab Importer Fixing VCID-g87j-yupf-tybu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml 38.3.0
2026-04-03T00:23:04.829769+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2024-29857.yml 38.1.0
2026-04-02T23:38:22.104223+00:00 GitLab Importer Fixing VCID-g87j-yupf-tybu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml 38.1.0
2026-04-01T18:00:39.804216+00:00 GitLab Importer Fixing VCID-g87j-yupf-tybu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bc-fips/CVE-2022-45146.yml 38.0.0
2026-04-01T16:04:02.951629+00:00 GHSA Importer Fixing VCID-g87j-yupf-tybu https://github.com/advisories/GHSA-68m8-v89j-7j2p 38.0.0
2026-04-01T13:07:08.202498+00:00 GithubOSV Importer Fixing VCID-g87j-yupf-tybu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-68m8-v89j-7j2p/GHSA-68m8-v89j-7j2p.json 38.0.0