Security Advisories

CGA-x9cj-c42r-f4mr

Published

Last updated

https://images.chainguard.dev/security/CGA-x9cj-c42r-f4mr

Package

apache-nifi

Latest Update

Pending upstream fix

Aliases

CVE-2024-29857
GHSA-8xfc-gm6g-vgpv

Severity

5.3

Medium

CVSS V3

Summary

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

Description

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-29857
https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
https://www.bouncycastle.org/latest_releases.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-x9cj-c42r-f4mr

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources