CVE-2025-8916

Data: 2025-08-26

Severity: Medium

CVSS Score: 6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber)

Riferimenti:

• https://nvd.nist.gov/vuln/detail/CVE-2025-8916

• https://ossindex.sonatype.org/vulnerability/CVE-2025-8916

• https://github.com/advisories/GHSA-4cx2-fc23-5wg6

Libreria: org.bouncycastle:bcpkix-jdk18on < 1.79

Descrizione

[CVE-2025-8916] CWE-770: Allocation of Resources Without Limits or Throttling

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP… https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi… https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java .

This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.

GovWay

Versione affette:

• 3.3.x: <= 3.3.17

• 3.4.x: nessuna

Risoluzione:

• 3.3.x: 3.3.18

• 3.4.x: >= 3.4.0