PT-2025-32637 · Unknown+1 · Bouncy Castle For Java+1
Bing Shi · Published 2025-08-12 · Updated 2025-09-12 · CVE-2025-8885
CVSS v4.0: 6.3 (Medium)
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:U/V:X/RE:M/U:Amber |
Name of the Vulnerable Software and Affected Versions:
Bouncy Castle for Java versions 1.0 through 1.77
Bouncy Castle for Java - FJA versions 1.0.0 through 2.0.0
Description:
A resource allocation issue exists in Bouncy Castle for Java affecting all API modules. The vulnerability allows attackers to cause excessive memory allocation through unbounded resource consumption, potentially leading to denial of service. The issue is associated with the ASN1ObjectIdentifier.java file within the core module and is triggered by malformed ASN.1 OIDs.
Recommendations:
Bouncy Castle for Java versions prior to 1.78
Bouncy Castle for Java - FJA versions prior to 2.0.1
Exploit
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Bouncy Castle For Java
Debian