PT-2025-43686 · Unknown+1 · Bouncy Castle For Java+1

Published: 2025-10-24 · Updated: 2025-10-25 · CVE-2025-12194

CVSS v4.0: 5.9 (Medium)

Vector: AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:U/V:C/RE:M/U:Amber

Name of the Vulnerable Software and Affected Versions

Bouncy Castle for Java FIPS versions 2.1.0 through 2.1.1
Bouncy Castle for Java LTS versions 2.73.0 through 2.73.7

Description

An uncontrolled resource consumption issue exists in Bouncy Castle for Java FIPS and Bouncy Castle for Java LTS. The issue involves excessive allocation and is associated with multiple program files, including AESNativeCFB.java, AESNativeGCM.java, AESNativeEngine.java, AESNativeCBC.java, AESNativeCTR.java, AESNativeGCMSIV.java, AESNativeCCM.java, SHA224NativeDigest.java, SHA256NativeDigest.java, SHA384NativeDigest.java, SHA512NativeDigest.java, SHA3NativeDigest.java, and SHAKENativeDigest.java.

Recommendations

Bouncy Castle for Java FIPS versions 2.1.0 through 2.1.1 should be updated.
Bouncy Castle for Java LTS versions 2.73.0 through 2.73.7 should be updated.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-12194
GHSA-JV6H-4262-Q663

Affected Products

Bouncy Castle For Java
Debian