VulnerableCode Package Details - pkg:nuget/BouncyCastle.Cryptography@2.3.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2j9r-6zbp-m3bz	Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.	CVE-2024-30171 GHSA-v435-xc8x-wvr9
VCID-4rs8-tp92-p7ck	Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.	CVE-2024-29857 GHSA-8xfc-gm6g-vgpv
VCID-d5x5-hcjh-efcr	Bouncy Castle crafted signature and public key can be used to trigger an infinite loop An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.	CVE-2024-30172 GHSA-m44j-cfrm-g8qc

Vulnerability

Summary

Aliases

VCID-2j9r-6zbp-m3bz

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

CVE-2024-30171
GHSA-v435-xc8x-wvr9

VCID-4rs8-tp92-p7ck

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

CVE-2024-29857
GHSA-8xfc-gm6g-vgpv

VCID-d5x5-hcjh-efcr

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

CVE-2024-30172
GHSA-m44j-cfrm-g8qc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:58:10.544365+00:00	GitLab Importer	Fixing	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-29857.yml	38.4.0
2026-04-16T22:58:09.758399+00:00	GitLab Importer	Fixing	VCID-d5x5-hcjh-efcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30172.yml	38.4.0
2026-04-16T22:58:01.518948+00:00	GitLab Importer	Fixing	VCID-2j9r-6zbp-m3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30171.yml	38.4.0
2026-04-12T00:16:16.379740+00:00	GitLab Importer	Fixing	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-29857.yml	38.3.0
2026-04-12T00:16:15.411314+00:00	GitLab Importer	Fixing	VCID-d5x5-hcjh-efcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30172.yml	38.3.0
2026-04-12T00:16:06.802835+00:00	GitLab Importer	Fixing	VCID-2j9r-6zbp-m3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30171.yml	38.3.0
2026-04-03T00:23:17.315970+00:00	GitLab Importer	Fixing	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-29857.yml	38.1.0
2026-04-03T00:23:16.578239+00:00	GitLab Importer	Fixing	VCID-d5x5-hcjh-efcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30172.yml	38.1.0
2026-04-03T00:23:07.695155+00:00	GitLab Importer	Fixing	VCID-2j9r-6zbp-m3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30171.yml	38.1.0
2026-04-02T12:39:11.152938+00:00	GitLab Importer	Fixing	VCID-4rs8-tp92-p7ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-29857.yml	38.0.0
2026-04-02T12:39:11.030479+00:00	GitLab Importer	Fixing	VCID-d5x5-hcjh-efcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30172.yml	38.0.0
2026-04-02T12:39:10.145509+00:00	GitLab Importer	Fixing	VCID-2j9r-6zbp-m3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/BouncyCastle.Cryptography/CVE-2024-30171.yml	38.0.0
2026-04-01T16:05:16.018693+00:00	GHSA Importer	Fixing	VCID-d5x5-hcjh-efcr	https://github.com/advisories/GHSA-m44j-cfrm-g8qc	38.0.0
2026-04-01T16:05:15.616578+00:00	GHSA Importer	Fixing	VCID-2j9r-6zbp-m3bz	https://github.com/advisories/GHSA-v435-xc8x-wvr9	38.0.0
2026-04-01T16:05:15.588119+00:00	GHSA Importer	Fixing	VCID-4rs8-tp92-p7ck	https://github.com/advisories/GHSA-8xfc-gm6g-vgpv	38.0.0
2026-04-01T12:52:05.152601+00:00	GithubOSV Importer	Fixing	VCID-4rs8-tp92-p7ck	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-8xfc-gm6g-vgpv/GHSA-8xfc-gm6g-vgpv.json	38.0.0
2026-04-01T12:52:03.053573+00:00	GithubOSV Importer	Fixing	VCID-2j9r-6zbp-m3bz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-v435-xc8x-wvr9/GHSA-v435-xc8x-wvr9.json	38.0.0
2026-04-01T12:51:55.997714+00:00	GithubOSV Importer	Fixing	VCID-d5x5-hcjh-efcr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-m44j-cfrm-g8qc/GHSA-m44j-cfrm-g8qc.json	38.0.0