CVE-2026-3505

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BC-JAVA versions prior to 1.84

Description An issue in the bcpg modules allows for unbounded PGP AEAD chunk size, which can lead to pre-authentication resource exhaustion. Resource exhaustion occurs when a system lacks limits or throttling on resource allocation, allowing a requester to consume all available system memory or CPU.

Recommendations Update to version 1.84 or later.

Exploit

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CLEANSTART-2026-AV84730

CLEANSTART-2026-DY69070

CLEANSTART-2026-KP10590

CLEANSTART-2026-SR31778

CLEANSTART-2026-TK07726

CLEANSTART-2026-VN28553

CVE-2026-3505

GHSA-CJ8J-37RH-8475

OPENSUSE-SU-2026:10571-1

Affected Products

Bc-Java

CVE-2026-3505

Weakness Enumeration

Related Identifiers

Affected Products

References · 65