Bug 2388195 (CVE-2025-8916) - CVE-2025-8916 org.bouncycastle: BouncyCastle denial of service
Summary: CVE-2025-8916 org.bouncycastle: BouncyCastle denial of service
Keywords:
Status: NEW
Alias: CVE-2025-8916
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2388277 2388282 2388289 2388290 2388291 2388292 2388276 2388278 2388279 2388280 2388281 2388283 2388284 2388285 2388286 2388287 2388288 2388294 2388295
Blocks:
Reported: 2025-08-13 10:01 UTC by OSIDB Bzimport
Modified: 2025-09-03 08:28 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-08-13 10:01:28 UTC
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java.

This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.

