CVE-2024-29857: CVE-2024-29857: Denial of Service via Algorithmic Complexity in Bouncy Castle ECC

CVE-2024-29857: Denial of Service via Algorithmic Complexity in Bouncy Castle ECC

Vulnerability ID: CVE-2024-29857
CVSS Score: 7.5
Published: 2024-05-09

An algorithmic complexity exhaustion vulnerability exists in the Bouncy Castle cryptographic libraries for Java and C# .NET. The vulnerability affects the processing of Elliptic Curve Cryptography (ECC) parameters defined over binary finite fields. Remote attackers can trigger unbounded resource consumption and cause a denial of service (DoS) by supplying specially crafted X.509 certificates with excessively large field degree parameters.

TL;DR

Bouncy Castle (Java < 1.78, C# < 2.3.1) fails to limit the field degree parameter when processing explicit ECC curve parameters over binary fields. This allows remote attackers to trigger an infinite CPU loop via malicious X.509 certificates.

---

⚠️ Exploit Status: POC

Technical Details

• CWE ID: CWE-400 / CWE-125
• Attack Vector: Network (Malicious X.509 Certificate)
• CVSS v3.1 Score: 7.5
• EPSS Score: 0.00337 (56.09%)
• Impact: 100% CPU Exhaustion (Denial of Service)
• Exploit Status: Proof of Concept (X.509DoSTool)
• KEV Status: Not Listed

Affected Systems

• Jenkins
• Keycloak
• Logstash
• Oracle WebLogic Server
• IBM SPSS Collaboration and Deployment Services
• Red Hat Enterprise Linux (RHEL)
• Amazon Linux
• Cloudera Flow Management
• Bouncy Castle Java (BC Java): < 1.78 (Fixed in: 1.78)
• Bouncy Castle Java LTS: < 2.73.6 (Fixed in: 2.73.6)
• Bouncy Castle FIPS (BC-FJA): < 1.0.2.5 (Fixed in: 1.0.2.5)
• Bouncy Castle C# .NET: < 2.3.1 (Fixed in: 2.3.1)

Code Analysis

Commit: fee80dd

Java patch moving the boundary check to the foundational buildField method.

Commit: 56daa6e

C# .NET implementation patch restricting maximum field size parameter.

Exploit Details

• USENIX Security 2025: X.509DoSTool demonstrating malicious certificate generation

Mitigation Strategies

• Upgrade to Bouncy Castle Java 1.78 or 2.73.6 (LTS)
• Upgrade to Bouncy Castle C# .NET 2.3.1
• Upgrade Bouncy Castle FIPS to 1.0.2.5
• Configure Java system property org.bouncycastle.ec.max_f2m_field_size
• Configure .NET environment variable Org.BouncyCastle.EC.F2m_MaxSize

Remediation Steps:

1. Audit project dependencies using SCA tools (Snyk, Dependabot) to identify vulnerable Bouncy Castle versions.
2. Update Maven/Gradle or NuGet package definitions to the patched versions.
3. If utilizing third-party applications (Jenkins, Keycloak), apply vendor-specific security patches that bundle the updated Bouncy Castle libraries.
4. Verify the application test suite executes correctly, ensuring no legacy requirements exist for binary curves exceeding 1142 bits.

References

• Bouncy Castle Java GitHub Advisory
• Bouncy Castle C# GitHub Advisory
• Java Patch Commit
• C# Patch Commit
• X.509DoS: Exploiting and Detecting Denial-of-Service
• NetApp Advisory
• Bouncy Castle Latest Releases

---

Read the full report for CVE-2024-29857 on our website for more details including interactive diagrams and full exploit analysis.