Security Advisories

CGA-35wp-w6c8-232q

Published

Last updated

https://images.chainguard.dev/security/CGA-35wp-w6c8-232q

Package

elasticsearch-7

Latest Update

Fixed

Fixed Version

7.17.22-r0

Aliases

Severity

5.3

Medium

CVSS V3

Summary

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

Description

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-35wp-w6c8-232q

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources