Search for vulnerabilities
Vulnerability details: VCID-99hh-6w2u-aaaa
Vulnerability ID VCID-99hh-6w2u-aaaa
Aliases CVE-2024-30172
GHSA-m44j-cfrm-g8qc
Summary An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5143
ssvc Track https://access.redhat.com/errata/RHSA-2024:5143
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5144
ssvc Track https://access.redhat.com/errata/RHSA-2024:5144
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5145
ssvc Track https://access.redhat.com/errata/RHSA-2024:5145
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5147
ssvc Track https://access.redhat.com/errata/RHSA-2024:5147
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30172.json
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00244 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00244 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00244 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00259 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2024-30172
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-m44j-cfrm-g8qc
cvssv3.1 5.3 https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
generic_textual MODERATE https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
cvssv3.1 5.3 https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02
cvssv3.1 5.3 https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
cvssv3.1 5.3 https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
cvssv3.1 5.3 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
generic_textual MODERATE https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-30172
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-30172
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20240614-0007
generic_textual LOW https://security.netapp.com/advisory/ntap-20240614-0007
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240614-0007
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20240614-0007/
ssvc Track https://security.netapp.com/advisory/ntap-20240614-0007/
cvssv3.1 5.3 https://www.bouncycastle.org/latest_releases.html
cvssv3.1 7.5 https://www.bouncycastle.org/latest_releases.html
generic_textual LOW https://www.bouncycastle.org/latest_releases.html
generic_textual MODERATE https://www.bouncycastle.org/latest_releases.html
ssvc Track https://www.bouncycastle.org/latest_releases.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30172.json
https://api.first.org/data/v1/epss?cve=CVE-2024-30172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30172
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02
https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
https://security.netapp.com/advisory/ntap-20240614-0007
https://security.netapp.com/advisory/ntap-20240614-0007/
https://www.bouncycastle.org/latest_releases.html
1070655 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
2293025 https://bugzilla.redhat.com/show_bug.cgi?id=2293025
CVE-2024-30172 https://nvd.nist.gov/vuln/detail/CVE-2024-30172
GHSA-m44j-cfrm-g8qc https://github.com/advisories/GHSA-m44j-cfrm-g8qc
RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271
RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326
RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505
RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143
RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144
RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145
RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147
RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479
RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481
RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5143
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5144
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5145
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5147
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30172.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-30172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20240614-0007
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240614-0007/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T13:44:28Z/ Found at https://security.netapp.com/advisory/ntap-20240614-0007/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://www.bouncycastle.org/latest_releases.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.bouncycastle.org/latest_releases.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T13:44:28Z/ Found at https://www.bouncycastle.org/latest_releases.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.09902
EPSS Score 0.00043
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-05-06T14:13:06.084392+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc4