ByteOS Network

CVE Vulnerability Details :

CVE-2025-9340

PUBLISHED

More Info Official Page

Assigner-bcorg

Assigner Org ID-91579145-5d7b-4cc5-b925-a0262ff19630

Published At-22 Aug, 2025 | 09:39

Updated At-22 Aug, 2025 | 10:37

▼CVE Numbering Authority (CNA)

native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output.

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.

Affected Products

Vendor

Legion of the Bouncy Castle Inc.

Product

Bouncy Castle for Java

Collection URL

https://repo1.maven.org/maven2/org/bouncycastle

Package Name

bc-fips

Repo

ssh://bcgit@git.bouncycastle.org:bc-fips-2.1.X-java.git

Modules

Program Files

org/bouncycastle/jcajce/provider/BaseCipher

Platforms

Default Status

unaffected

Versions

Affected

From BC-FJA 2.1.0 through 2.1.0 (maven)

Problem Types

Type	CWE ID	Description
CWE	CWE-787	CWE-787 Out-of-bounds Write

Metrics

Version	Base score	Base severity	Vector
4.0	0.0	NONE	CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/R:U/RE:M/U:Green

Workarounds

This can be coded around by avoiding operations in place when dealing with aes-native encryption/decryption.

References

Hyperlink	Resource
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%909340	N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References