Vulnerability details: VCID-gr1b-m4u1-z7a3
Vulnerability ID VCID-gr1b-m4u1-z7a3
Aliases CVE-2024-29857
GHSA-8xfc-gm6g-vgpv
Summary Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Weaknesses (5)
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
cvssv3.1 5.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
cvssv3.1 5.3 https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
generic_textual MODERATE https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
cvssv3.1 5.3 https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 7.5 https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
generic_textual MODERATE https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
ssvc Track https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 5.3 https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
cvssv3.1 5.3 https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
cvssv3.1 5.3 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 7.5 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
generic_textual MODERATE https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
ssvc Track https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-29857
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-29857
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20241206-0008
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20241206-0008
cvssv3.1 5.3 https://www.bouncycastle.org/latest_releases.html
cvssv3.1 7.5 https://www.bouncycastle.org/latest_releases.html
generic_textual MODERATE https://www.bouncycastle.org/latest_releases.html
ssvc Track https://www.bouncycastle.org/latest_releases.html
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/ Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/ Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-29857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20241206-0008
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://www.bouncycastle.org/latest_releases.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.bouncycastle.org/latest_releases.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/ Found at https://www.bouncycastle.org/latest_releases.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.37025
EPSS Score 0.00155
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:51.030087+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-8xfc-gm6g-vgpv/GHSA-8xfc-gm6g-vgpv.json 37.0.0