Disclosure

**Name of the Vulnerable Software and Affected Versions** BC-JAVA versions prior to 1.84 **Description** An issue in the bcpg modules allows for unbounded PGP AEAD chunk size, which can lead to pre-authentication resource exhaustion. Resource exhaustion occurs when a system lacks limits or throttling on resource allocation, allowing a requester to consume all available system memory or CPU. **Recommendations** Update to version 1.84 or later.