blazorboilerplate
blazorboilerplate copied to clipboard
enkodellc
CVE-2024-30172 (Medium) detected in bouncycastle.cryptography.2.3.0.nupkg
CVE-2024-30172 - Medium Severity Vulnerability
Vulnerable Library - bouncycastle.cryptography.2.3.0.nupkg
BouncyCastle.NET is a popular cryptography library for .NET
Library home page: https://api.nuget.org/packages/bouncycastle.cryptography.2.3.0.nupkg
Path to dependency file: /src/Server/BlazorBoilerplate.Server/BlazorBoilerplate.Server.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/bouncycastle.cryptography/2.3.0/bouncycastle.cryptography.2.3.0.nupkg
Dependency Hierarchy:
- mailkit.4.4.0.nupkg (Root Library)
- mimekit.4.4.0.nupkg
- :x: bouncycastle.cryptography.2.3.0.nupkg (Vulnerable Library)
- mimekit.4.4.0.nupkg
Found in base branch: master
Vulnerability Details
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
Publish Date: 2024-05-14
URL: CVE-2024-30172
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2024-30172
Release Date: 2024-03-24
Fix Resolution: org.bouncycastle:bcprov-jdk18on:1.78,org.bouncycastle:bcprov-jdk15to18:1.78, org.bouncycastle:bcprov-jdk14:1.78
Step up your Open Source Security Game with Mend here
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "Published by a pub.dev verified publisher"){kind=small}