Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/BouncyCastle.Cryptography@2.3.0
purl pkg:nuget/BouncyCastle.Cryptography@2.3.0
Next non-vulnerable version 2.3.1
Latest non-vulnerable version 2.3.1
Risk 3.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-2j9r-6zbp-m3bz
Aliases:
CVE-2024-30171
GHSA-v435-xc8x-wvr9
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
2.3.1
Affected by 0 other vulnerabilities.
VCID-4rs8-tp92-p7ck
Aliases:
CVE-2024-29857
GHSA-8xfc-gm6g-vgpv
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
2.3.1
Affected by 0 other vulnerabilities.
VCID-d5x5-hcjh-efcr
Aliases:
CVE-2024-30172
GHSA-m44j-cfrm-g8qc
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
2.3.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:58:10.541213+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-29857.yml 38.4.0
2026-04-16T22:58:09.754943+00:00 GitLab Importer Affected by VCID-d5x5-hcjh-efcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30172.yml 38.4.0
2026-04-16T22:58:01.515646+00:00 GitLab Importer Affected by VCID-2j9r-6zbp-m3bz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30171.yml 38.4.0
2026-04-12T00:16:16.375570+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-29857.yml 38.3.0
2026-04-12T00:16:15.407843+00:00 GitLab Importer Affected by VCID-d5x5-hcjh-efcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30172.yml 38.3.0
2026-04-12T00:16:06.798881+00:00 GitLab Importer Affected by VCID-2j9r-6zbp-m3bz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30171.yml 38.3.0
2026-04-03T00:23:17.312648+00:00 GitLab Importer Affected by VCID-4rs8-tp92-p7ck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-29857.yml 38.1.0
2026-04-03T00:23:16.574967+00:00 GitLab Importer Affected by VCID-d5x5-hcjh-efcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30172.yml 38.1.0
2026-04-03T00:23:07.691812+00:00 GitLab Importer Affected by VCID-2j9r-6zbp-m3bz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30171.yml 38.1.0