Skip to content

CVE‐2024‐29857

David Hook edited this page May 11, 2024 · 6 revisions

Issue affecting: BC Java 1.77 and earlier. BC Java (LTS) 2.73.5 and earlier. BC-FJA 1.0.2.4 and earlier. BC C# .NET 2.3.0 and earlier.

Fixed versions: BC Java 1.78. BC Java (LTS) 2.73.6. BC-FJA 1.0.2.5. BC C# .NET 2.3.1

Platform affected: All JVMs. All CLRs.

The lack of a maximum bounds check in the F2m curve constructor means that it is possible for someone to provide an X509 certificate which, when the public key is extracted will cause high CPU load on the machine doing the processing. This vulnerability is exploitable where:

  • allow the importation of F2m curves with arbitrary, rather than named parameter sets.
  • allow the importation of arbitrary chunks of code that might invoke the problem constructor on F2m.

Where applications only accepts certificates with named parameter sets, of only allowing named parameter sets (such as with TLS), this vulnerability does not apply.

If an application must accept explicit F2m parameters it is also possible to avoid this issue by checking that the m value for the F2m parameter set is less than 1142, currently twice the maximum size in the named F2m parameter sets (this value may need to be tweaked where proprietary curves are defined).

Fix Commit:

Java https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281

C# .NET https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63