CVE-2024-30172: This advisory has been marked as False-Positive and removed

May 14, 2024 (updated November 11, 2025)

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

References

github.com/advisories/GHSA-m44j-cfrm-g8qc
github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172
github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172
nvd.nist.gov/vuln/detail/CVE-2024-30172
www.bouncycastle.org/latest_releases.html

Code Behaviors & Features

Detect and mitigate CVE-2024-30172 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →