Bug 2388912 (CVE-2025-9092) - CVE-2025-9092 org.bouncycastle: Bouncycastle Resource Exhaustion
Summary: CVE-2025-9092 org.bouncycastle: Bouncycastle Resource Exhaustion
Keywords:
Status: NEW
Alias: CVE-2025-9092
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2389223 2389228 2389232 2389233 2389222 2389224 2389225 2389226 2389227 2389229 2389230 2389231 2389234
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-16 11:01 UTC by OSIDB Bzimport
Modified: 2025-09-03 08:28 UTC (History)
98 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-08-16 11:01:08 UTC 
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader.

This issue affects Bouncy Castle for Java - BC-FJA 2.1.0: from BC-FJA 2.1.0 through 2.1.0.
Note You need to log in before you can comment on or make changes to this bug.