Legion of the Bouncy Castle Inc. Bouncy Castle
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:*:*:*:*:*:*:*
- 2.1.0
An out-of-bounds write vulnerability has been identified in Legion of the Bouncy Castle Inc. Bouncy Castle for Java BC-FIPS, specifically in version 2.1.0. The vulnerability arises in the JCE Cipher.doFinal() method, which can unintentionally overwrite input data when the input and output arrays are the same array and the output offset differs from the input offset. The overwritten input then produces corrupted encryption or decryption results.
Exploitation of this vulnerability can cause incorrect encryption or decryption, resulting in corrupted data.
Users can upgrade to Bouncy Castle for Java version 2.1.1 to address this vulnerability.
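A caller-side guard for the condition described above, together with a self-check against a separate-buffer reference. This is an added example, not code from Bouncy Castle or from this advisory. The class and method names are hypothetical, the key, IV and plaintext are constructed, and it assumes only the standard JCE API with whichever provider is installed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class InPlaceDoFinalGuard {  // hypothetical class name

    // Wraps Cipher.doFinal(in, inOff, inLen, out, outOff). When in and out are
    // the same array at different offsets (the condition in the advisory), the
    // input is copied first so the provider never sees aliased ranges.
    static int safeDoFinal(Cipher c, byte[] in, int inOff, int inLen,
                           byte[] out, int outOff) throws Exception {
        if (in == out && inOff != outOff) {
            byte[] copy = Arrays.copyOfRange(in, inOff, inOff + inLen);
            try {
                return c.doFinal(copy, 0, inLen, out, outOff);
            } finally {
                Arrays.fill(copy, (byte) 0); // do not leave a stray copy of the input
            }
        }
        return c.doFinal(in, inOff, inLen, out, outOff);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key, IV and plaintext, for demonstration only.
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);
        byte[] plain = "constructed sample plaintext for the in-place check"
                .getBytes(StandardCharsets.US_ASCII);

        // Reference ciphertext produced with separate input and output arrays.
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, iv);
        byte[] expected = c.doFinal(plain);

        // Shared buffer: input starts at offset 4, output at offset 0.
        byte[] buf = new byte[4 + expected.length];
        System.arraycopy(plain, 0, buf, 4, plain.length);
        c.init(Cipher.ENCRYPT_MODE, key, iv);
        int n = safeDoFinal(c, buf, 4, plain.length, buf, 0);

        boolean ok = n == expected.length
                && Arrays.equals(Arrays.copyOf(buf, n), expected);
        System.out.println(ok ? "in-place result matches reference"
                              : "MISMATCH: in-place result is corrupted");
    }
}
```

Replacing the safeDoFinal call in main with a direct c.doFinal(buf, 4, plain.length, buf, 0) turns the same comparison into a check of how the installed provider handles the aliased call.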