PT-2025-32978 · Bouncy Castle+3 · Bouncy Castle For Java+4

Bing Shi · Published 2025-08-13 · Updated 2026-05-18 · CVE-2025-8916

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
Name of the Vulnerable Software and Affected Versions: Bouncy Castle for Java versions 1.44 through 1.78; BCPKIX FIPS versions 1.0.0 through 1.0.7; BCPKIX FIPS versions 2.0.0 through 2.0.7
Description: The Bouncy Castle for Java cryptographic libraries contain a vulnerability related to excessive resource allocation without limits or throttling. The issue affects API modules and involves program files related to PKIX certificate processing, specifically within PKIXCertPathReviewer and related classes.
Recommendations: Update Bouncy Castle for Java to a version later than 1.78. Update BCPKIX FIPS to a version later than 1.0.7. Update BCPKIX FIPS to a version later than 2.0.7.

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related identifiers

BDU:2026-06606
CLEANSTART-2026-IA43044
CLEANSTART-2026-IS05941
CLEANSTART-2026-JU62349
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-WK99982
CVE-2025-8916
ECHO-3E4C-CFFF-062A
GHSA-4CX2-FC23-5WG6
USN-8108-1

Affected products

Bcpkix Fips
Bouncy Castle For Java
Debian
Linuxmint
Ubuntu