Bug 2388912 (CVE-2025-9092)
| Summary: | CVE-2025-9092 org.bouncycastle: Bouncycastle Resource Exhaustion | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | aazores, anstephe, anthomas, aschwart, asoldano, ataylor, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, ccranfor, chfoley, clement.escoffier, cmah, dandread, darran.lofthouse, dbruscin, dfreiber, dhanak, dkreling, dosoudil, drosa, drow, eaguilar, ebaron, ehelms, eric.wittmann, fjuma, fmariani, fmongiar, ggainey, gmalinko, gsmet, ibek, istudens, ivassile, iweiss, janstey, jburrell, jcantril, jkoehler, jmartisk, jnethert, jolong, jpechane, jpoth, jrokos, jscholz, juwatts, kvanderr, kverlaen, lphiri, lthon, manderse, mhulan, mnovotny, mosmerov, mposolda, msochure, msvehla, nipatil, nmoumoul, nwallace, olubyans, osousa, pantinor, pcreech, pdelbell, pesilva, pgallagh, pjindal, pmackay, probinso, rchan, rguimara, rkubis, rojacob, rruss, rstancel, rstepani, rsvoboda, sausingh, sbiarozk, sdawley, smaestri, smallamp, ssilvert, sthorger, swoodman, tcunning, tmalecek, tom.jenkinson, tqvarnst, vkumar, vmuzikar, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
Uncontrolled Resource Consumption vulnerability has been discovered in the Legion of the Bouncy Castle Inc. Bouncy Castle for Java. In multi-JVM environments BC-FJA 2.1.0 could be found to create many library directories for the .so files required for native support, even though the files contained in the directories could have been shared. This could lead to server fragility, particularly in the case where it was difficult to identify which library directories were in use and which were not, with the subsequent strain on resources leading to service failure.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2389223, 2389228, 2389232, 2389233, 2389222, 2389224, 2389225, 2389226, 2389227, 2389229, 2389230, 2389231, 2389234 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-08-16 11:01:08 UTC
|