CVE-2025-8885 – org.bouncycastle:bctls-jdk18on

Package

Manager: maven
Name: org.bouncycastle:bctls-jdk18on
Vulnerable Version: >=1.0 <1.78

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber

EPSS: 0.00055 pctl0.17283

Details

Bouncy Castle for Java on All (API modules) allows Excessive Allocation A resource allocation vulnerability exists in Bouncy Castle for Java (by Legion of the Bouncy Castle Inc.) that affects all API modules. The vulnerability allows attackers to cause excessive memory allocation through unbounded resource consumption, potentially leading to denial of service. The issue is located in the ASN1ObjectIdentifier.java file in the core module. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.

Metadata

Created: 2025-08-12T12:30:32Z
Modified: 2025-09-03T13:04:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-67mf-3cr5-8w23
Finding: F067
Auto approve: 1