CVE-2025-9341

Опубликовано: 22 авг. 2025

Источник: redhat

CVSS3: 6.2

Описание

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java, org/bouncycastle/crypto/engines/AESNativeCBC.Java. This issue affects Bouncy Castle for Java FIPS: 2.1.0; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7.

A flaw was found in Bouncy Castle for Java FIPS. This uncontrolled resource consumption vulnerability allows an attacker to cause a Denial of Service (DoS) by triggering excessive memory allocation. This can lead to the affected system becoming unresponsive or crashing due to resource exhaustion.

Отчет

This vulnerability is rated Moderate. In the Red Hat context, impact is limited as the vulnerable code is not present in Red Hat Enterprise Application Platform versions eap-8.0.z, eap-8.1.z, and eapxp-5.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Application Platform 8	bc-fips	Not affected
Red Hat JBoss Enterprise Application Platform Expansion Pack	bc-fips	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2390278org.bouncycastle/bc-fips: Bouncy Castle for Java FIPS: Denial of Service via excessive memory allocation

6.2 Medium

CVSS3

Связанные уязвимости

CVE-2025-9341

nvd

7 месяцев назад

GHSA-jfcv-jv9g-2vx2

github

7 месяцев назад

Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability

6.2 Medium

CVSS3