Security Advisories

CGA-gqpv-r8gf-85p6

Published

Last updated

https://images.chainguard.dev/security/CGA-gqpv-r8gf-85p6

Package

keycloak-operator

Latest Update

Fixed

Fixed Version

24.0.4-r2

Aliases

Severity

5.3

Medium

CVSS V3

Summary

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

Description

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-gqpv-r8gf-85p6

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources