Legion of the Bouncy Castle Inc. Bouncy Castle for Java
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:*:*:*:*:*:*:*
- 2.1.0
A vulnerability allowing uncontrolled resource consumption has been identified in Bouncy Castle for Java - BC-FJA version 2.1.0, specifically in the bc-fips API modules. This vulnerability arises from excessive allocation of resources, particularly in multi-JVM environments, where the native loader creates multiple library directories for shared .so files, leading to resource exhaustion and potential service failures.
Excessive resource allocation can cause server fragility and service failures, particularly in environments with multiple JVMs.
Users can upgrade to Bouncy Castle for Java - BC-FJA version 2.1.1, where the native loader has been modified to reuse existing library files instead of creating new ones. In the meantime, it is advisable to limit the number of JVMs running BC-FJA 2.1.0 to allow for effective monitoring and cleanup, or to configure the module to write native support files to a file system with adequate capacity.
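The two loader behaviours described above, side by side, as an added illustration that is not Bouncy Castle's code: the class and method names, the file name and the choice of a SHA-256-named directory are all assumptions made for the demo, and it needs Java 17 or later for HexFormat.

```java
import java.io.IOException;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HexFormat;
import java.util.stream.Stream;

// Hypothetical demo class; not the BC-FJA native loader.
public class NativeLibExtractDemo {
    // Per-start extraction: each call creates a new directory and a new copy.
    static Path extractFresh(Path base, String name, byte[] lib) throws IOException {
        Path dir = Files.createTempDirectory(base, "native-");
        return Files.write(dir.resolve(name), lib);
    }

    // Reuse: the directory is named after the library's SHA-256, so identical
    // content resolves to one path however many JVMs start.
    static Path extractReusing(Path base, String name, byte[] lib) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(lib);
        Path dir = Files.createDirectories(base.resolve(HexFormat.of().formatHex(hash)));
        Path target = dir.resolve(name);
        // Reuse only if the bytes on disk match; a truncated or altered file is rewritten.
        if (Files.isRegularFile(target) && Arrays.equals(Files.readAllBytes(target), lib)) {
            return target;
        }
        // Write beside the target, then rename, so a concurrent JVM never loads a partial file.
        Path tmp = Files.createTempFile(dir, name, ".tmp");
        Files.write(tmp, lib);
        return Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
    }

    static long countFiles(Path root) throws IOException {
        try (Stream<Path> s = Files.walk(root)) {
            return s.filter(Files::isRegularFile).count();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] lib = "constructed stand-in for a shared object".getBytes();
        Path fresh = Files.createTempDirectory("fresh-demo");
        Path reuse = Files.createTempDirectory("reuse-demo");
        for (int start = 0; start < 5; start++) { // five simulated JVM starts
            extractFresh(fresh, "libdemo.so", lib);
            extractReusing(reuse, "libdemo.so", lib);
        }
        System.out.println("fresh copies:  " + countFiles(fresh));
        System.out.println("reused copies: " + countFiles(reuse));
    }
}
```

Disk use under the first method grows with every start, which is the exhaustion path the advisory describes; under the second it is bounded by the number of distinct library builds.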