Bouncy Castle CVE in NoSpamProxy
17.05.2024|Last edited:17.05.2024
NoSpamProxy uses Bouncy Castle as an additional library for some operations. Bouncy Castle version 1.8.9 is used in the current NoSpamProxy version 15.1.940. Three new vulnerabilities have been published for Bouncy Castle. NoSpamProxy is not affected by any of these CVE.
Three new CVE have been published for Bouncy Castle, which also affect the version we use:
- CVE-2024-29857
- CVE-2024-30171
- CVE-2024-30172
NoSpamProxy is not affected by any of these CVE, as we do not use the corresponding bouncy castle functions. Nevertheless, we are working internally to update the library to a newer version in order to be as up-to-date as possible in the future.