Bouncy Castle for Java FIPS Uncontrolled Resource Consumption Vulnerability Allowing Excessive Allocation
Vulnerability
A vulnerability allowing uncontrolled resource consumption has been identified in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS. This issue, present in all API modules, arises from the AESNativeCBC class using a private inner (non-static) class where a private static nested class was required. Because a non-static inner class carries an implicit reference to its enclosing instance, some garbage collectors failed to reclaim native CBC ciphers that were no longer in use, potentially leading to an OutOfMemoryError and causing the calling application to fail. This vulnerability affects Bouncy Castle for Java FIPS versions BC-FJA 2.1.0 and BC-LTS 2.73.7.
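The nested-class pitfall the advisory describes, shown as an added example that is not Bouncy Castle's code and does not reproduce the AESNativeCBC implementation: a hypothetical cipher wrapper that owns a native handle and relies on java.lang.ref.Cleaner to release it once the Java object becomes unreachable. The class names (LeakyCipher, FixedCipher, Release), the simulated nativeAlloc/nativeFree calls and the handle counter are all constructed for illustration. In the leaky variant the cleaning action is a non-static inner class, so it implicitly holds the owning object and the object never becomes phantom reachable; in the fixed variant a static nested class holds only the primitive handle.

```java
import java.lang.ref.Cleaner;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration of the inner-class vs static-nested-class lifetime difference.
// Not Bouncy Castle code; names and the "native" layer are constructed stand-ins.
public class CleanerNestedClassDemo {
    private static final Cleaner CLEANER = Cleaner.create();

    // Constructed stand-in for JNI allocation: counts handles that have not been freed.
    static final AtomicInteger LIVE_HANDLES = new AtomicInteger();
    static long nativeAlloc() { LIVE_HANDLES.incrementAndGet(); return System.nanoTime(); }
    static void nativeFree(long handle) { LIVE_HANDLES.decrementAndGet(); }

    // LEAKY: Release is a non-static inner class, so each instance captures LeakyCipher.this.
    // The Cleaner keeps the action strongly reachable, the action keeps the cipher reachable,
    // and the cipher therefore never becomes phantom reachable: the action never runs.
    static final class LeakyCipher {
        private final long handle = nativeAlloc();
        private final Cleaner.Cleanable cleanable;

        LeakyCipher() { cleanable = CLEANER.register(this, new Release()); }

        // Explicit release still works; only the garbage-collection safety net is broken.
        void close() { cleanable.clean(); }

        private class Release implements Runnable {              // inner class: holds the outer instance
            @Override public void run() { nativeFree(handle); }  // 'handle' is read through LeakyCipher.this
        }
    }

    // FIXED: Release is a static nested class that copies the handle into its own field.
    // It holds no reference to the owning FixedCipher, so the cipher can be collected
    // and the Cleaner runs the action automatically.
    static final class FixedCipher {
        private final Cleaner.Cleanable cleanable;

        FixedCipher() {
            long h = nativeAlloc();
            cleanable = CLEANER.register(this, new Release(h));
        }

        void close() { cleanable.clean(); }

        private static final class Release implements Runnable {
            private final long handle;
            Release(long handle) { this.handle = handle; }
            @Override public void run() { nativeFree(handle); }
        }
    }

    public static void main(String[] args) throws InterruptedException {
        // Allocate and drop both kinds without calling close(), leaving reclamation to the GC.
        for (int i = 0; i < 1000; i++) new LeakyCipher();
        for (int i = 0; i < 1000; i++) new FixedCipher();

        // Nudge the collector; GC timing is not guaranteed, so treat the count as indicative.
        for (int i = 0; i < 5; i++) { System.gc(); Thread.sleep(100); }

        // Handles owned by LeakyCipher instances stay counted because their cleaning
        // actions can never fire; FixedCipher handles are released as their owners are collected.
        System.out.println("native handles still held: " + LIVE_HANDLES.get());
    }
}
```

Run with `java CleanerNestedClassDemo.java` (JDK 11 or later). The same reasoning applies to finalizer-style cleanup and to anonymous classes and lambdas created in an instance context: anything the cleaning action captures stays reachable for as long as the Cleaner holds the action, so the action must not reach the object it is registered for. This is the rule the Cleaner documentation states, and it is why the fix is a static nested class rather than a change to the garbage collector.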
Impact
Exploitation of this vulnerability could result in a memory leak, causing an OutOfMemoryError and subsequent failure of the application using the affected library.
Remediation
Users can upgrade to Bouncy Castle for Java FIPS versions BC-FJA 2.1.1 or BC-LTS 2.73.8 to address this vulnerability.