
Legion of the Bouncy Castle Inc. — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting Legion of the Bouncy Castle Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Legion of the Bouncy Castle Inc. develops the Bouncy Castle cryptographic library, widely used for Java and C# cryptographic operations. Historically, vulnerabilities in their software have commonly included remote code execution, cross-site scripting, and privilege escalation flaws. The library's extensive integration into enterprise systems has made it a target for attackers. While no major public security incidents have been documented, the 11 CVEs on record highlight ongoing security challenges in maintaining cryptographic implementations. Regular updates and careful implementation remain critical for organizations using their libraries to prevent potential exploitation of these vulnerabilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8149 | GCM chunking can lead to bad tag exception on decryption | BC-FJA | CWE-1068 | 9.1 (AI) | Critical (AI) | 2026-05-08 |
| CVE-2026-3505 | Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. | BC-JAVA | CWE-770 | 7.5 | - | 2026-04-15 |
| CVE-2026-5588 | PKIX draft CompositeVerifier accepts empty signature sequence as valid. | BC-JAVA | CWE-327 | 9.1 | - | 2026-04-15 |
| CVE-2026-5598 | Non-constant time comparisons risk private key leakage in FrodoKEM. | BC-JAVA | CWE-385 | 5.9 | - | 2026-04-15 |
| CVE-2026-0636 | LDAP Injection Vulnerability in LDAPStoreHelper.java | BC-JAVA | CWE-90 | 9.8 | - | 2026-04-15 |
| CVE-2025-14813 | GOSTCTR implementation unable to process more than 255 blocks correctly | BC-JAVA | CWE-327 | 7.5 | - | 2026-04-15 |
| CVE-2025-12194 | Bouncy Castle Java security vulnerability | Bouncy Castle for Java FIPS | CWE-400 | 7.5 | - | 2025-10-24 |
| CVE-2025-9340 | native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output. | Bouncy Castle for Java | CWE-787 | 9.8 (AI) | Critical (AI) | 2025-08-22 |
| CVE-2025-9341 | Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion | Bouncy Castle for Java FIPS | CWE-400 | 7.5 (AI) | High (AI) | 2025-08-22 |
| CVE-2025-9092 | Hybrid Module Deployment in Multi-JVM Environments Leading to Resource Exhaustion | Bouncy Castle for Java - BC-FJA 2.1.0 | CWE-400 | 7.5 (AI) | High (AI) | 2025-08-16 |
| CVE-2025-8916 | Possible DOS in processing large name constraint structures in PKIXCertPathReviewer | BC Java | CWE-770 | 7.5 | - | 2025-08-13 |
| CVE-2025-8885 | Possible DOS in processing specially formed ASN.1 Object Identifiers | BC Java | CWE-770 | 7.5 | - | 2025-08-12 |

This page lists every published CVE security advisory associated with Legion of the Bouncy Castle Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.