PT-2024-23224 · Atlassian+3 · Bitbucket Data Center/Server+8

Published 2024-05-09 · Updated 2026-03-18 · CVE-2024-30172

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Bouncy Castle Java Cryptography APIs versions 1.73 through 1.77
Bitbucket Data Center and Server versions 8.9.5 through 8.19.0
Bamboo Data Center and Server versions 9.2.11 through 9.6.0
Confluence Data Center and Server version 3.7
Confluence Data Center and Server versions 7.19 through 8.9 before 8.9.4
Confluence Data Center and Server versions 8.5 through 8.5.11
Confluence Data Center and Server version 9.0 before 9.0.1

Description

An issue was discovered in Bouncy Castle Java Cryptography APIs. The Ed25519 verification code can enter an infinite loop when given a crafted signature and public key. This allows an unauthenticated attacker to expose assets in the environment susceptible to exploitation. There is no impact to confidentiality, no impact to integrity, and high impact to availability, and no user interaction is required.

Recommendations

For Bouncy Castle Java Cryptography APIs versions 1.73 through 1.77, upgrade to version 1.78 or later.
For Bitbucket Data Center and Server versions 8.9.5 through 8.19.0, upgrade to a release greater than or equal to 8.9.14 for version 8.9, or upgrade to a release greater than or equal to 8.19.3 for version 8.19.
For Bamboo Data Center and Server versions 9.2.11 through 9.6.0, upgrade to a release greater than or equal to 9.2.14 for version 9.2, or upgrade to a release greater than or equal to 9.5.4 for version 9.5, or upgrade to a release greater than or equal to 9.6.2 for version 9.6.
For Confluence Data Center and Server version 3.7, upgrade to a supported fixed version.
For Confluence Data Center and Server versions 7.19 through 8.9 before 8.9.4, upgrade to a release greater than or equal to 7.19.26 for version 7.19, or upgrade to a release greater than or equal to 8.5.12 for version 8.5, or upgrade to a release greater than or equal to 8.9.4 for version 8.9.
For Confluence Data Center and Server version 9.0 before 9.0.1, upgrade to a release greater than or equal to 9.0.1.

Exploit

Fix

Weakness Enumeration

Infinite Loop
Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2025-14524
CVE-2024-30172
GHSA-M44J-CFRM-G8QC
OPENSUSE-SU-2024:13914-1
RHSA-2024:5143
RHSA-2024:5144
RHSA-2024:5145
RHSA-2024:5479
RHSA-2024:5481
USN-8108-1

Affected Products

Bamboo
Bamboo Data Center/Server
Bitbucket
Bitbucket Data Center/Server
Confluence
Confluence Data Center/Server
Debian
Linuxmint
Ubuntu