CVE-2024-30172: Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
References
Detect and mitigate CVE-2024-30172 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →