Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Bouncy Castle for Java

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-9340
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
ShareView Details
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
CVSS Score-Not Assigned
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 09:39
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output.

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0.

Action-Not Available
Vendor-Legion of the Bouncy Castle Inc.
Product-Bouncy Castle for Java
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8916
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
ShareView Details
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 09:31
Updated-13 Aug, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java . This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.

Action-Not Available
Vendor-Legion of the Bouncy Castle Inc.
Product-Bouncy Castle for Java
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-8885
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
ShareView Details
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 09:13
Updated-16 Aug, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible DOS in processing specially formed ASN.1 Object Identifiers

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcprov, bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 1.0.2.5, from BC-FJA 2.0.0 through 2.0.0.

Action-Not Available
Vendor-Legion of the Bouncy Castle Inc.
Product-Bouncy Castle for Java
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling