Vulnerability details: VCID-p1ac-tc9q-aaaa
Vulnerability ID VCID-p1ac-tc9q-aaaa
Aliases CVE-2024-29857
GHSA-8xfc-gm6g-vgpv
Summary An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5143
ssvc Track https://access.redhat.com/errata/RHSA-2024:5143
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5144
ssvc Track https://access.redhat.com/errata/RHSA-2024:5144
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5145
ssvc Track https://access.redhat.com/errata/RHSA-2024:5145
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:5147
ssvc Track https://access.redhat.com/errata/RHSA-2024:5147
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.0029 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
epss 0.00402 https://api.first.org/data/v1/epss?cve=CVE-2024-29857
cvssv3.1 5.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
cvssv3.1 5.3 https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
generic_textual MODERATE https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
cvssv3.1 5.3 https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 7.5 https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
generic_textual MODERATE https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
ssvc Track https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 5.3 https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
cvssv3.1 5.3 https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
generic_textual MODERATE https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
cvssv3.1 5.3 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 7.5 https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
generic_textual MODERATE https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
ssvc Track https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-29857
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-29857
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20241206-0008
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20241206-0008
cvssv3.1 5.3 https://www.bouncycastle.org/latest_releases.html
cvssv3.1 7.5 https://www.bouncycastle.org/latest_releases.html
generic_textual LOW https://www.bouncycastle.org/latest_releases.html
generic_textual MODERATE https://www.bouncycastle.org/latest_releases.html
ssvc Track https://www.bouncycastle.org/latest_releases.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
https://api.first.org/data/v1/epss?cve=CVE-2024-29857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
https://security.netapp.com/advisory/ntap-20241206-0008
https://security.netapp.com/advisory/ntap-20241206-0008/
https://www.bouncycastle.org/latest_releases.html
1070655 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
2293028 https://bugzilla.redhat.com/show_bug.cgi?id=2293028
CVE-2024-29857 https://nvd.nist.gov/vuln/detail/CVE-2024-29857
GHSA-8xfc-gm6g-vgpv https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271
RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326
RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505
RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143
RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144
RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145
RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147
RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479
RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481
RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5143
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5144
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:00:49Z/ Found at https://access.redhat.com/errata/RHSA-2024:5147
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/ Found at https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/ Found at https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-29857
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20241206-0008
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://www.bouncycastle.org/latest_releases.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.bouncycastle.org/latest_releases.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/ Found at https://www.bouncycastle.org/latest_releases.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.29181
EPSS Score 0.00101
Published At May 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-05-06T14:13:06.075859+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc4