PT-2025-34333 · Unknown · Bouncy Castle For Java
Published
2025-08-22
·
Updated
2025-10-24
·
CVE-2025-9341
CVSS v4.0
5.9
Medium
| Vector | AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:U/V:C/RE:M/U:Amber |
Name of the Vulnerable Software and Affected Versions:
Bouncy Castle for Java FIPS versions 2.1.0 through 2.1.0
Description:
An uncontrolled resource consumption issue exists in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips, affecting all API modules. This issue allows for excessive allocation and is associated with the program file
org/bouncycastle/crypto/fips/AESNativeCBC.Java.Recommendations:
Bouncy Castle for Java FIPS version 2.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bouncy Castle For Java