CVE-2024-30172: 
Java vulnerability analysis and mitigation

An issue was discovered in Bouncy Castle Java Cryptography APIs before version 1.78. The vulnerability allows an Ed25519 verification code infinite loop to occur when a crafted signature and public key are provided. The vulnerability was assigned CVE-2024-30172 and was disclosed in May 2024 (NVD, Bouncy Castle).

The vulnerability affects the Ed25519 verification code in the ScalarUtil class of Bouncy Castle's Java implementation. When exploited, it can cause an infinite loop during the signature verification process. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Advisory).

Successful exploitation of this vulnerability can lead to a Denial of Service (DoS) condition, potentially affecting the availability of systems using the vulnerable versions of Bouncy Castle Java Cryptography APIs (NetApp Advisory).

The vulnerability has been fixed in Bouncy Castle version 1.78 and later releases. Organizations using affected versions should upgrade to version 1.78 or newer to address this security issue (Bouncy Castle).