GHSA-67mf-3cr5-8w23

Source
https://github.com/advisories/GHSA-67mf-3cr5-8w23
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-67mf-3cr5-8w23
Published
2025-08-12T12:30:32Z
Modified
2026-02-04T03:46:08.721482Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
Summary
Bouncy Castle for Java on All (API modules) allows Excessive Allocation
Details

A resource allocation vulnerability exists in Bouncy Castle for Java (by Legion of the Bouncy Castle Inc.) that affects all API modules. The vulnerability allows attackers to cause excessive memory allocation through unbounded resource consumption, potentially leading to denial of service. The issue is located in the ASN1ObjectIdentifier.java file in the core module.

This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.

Database specific
{
    "nvd_published_at": "2025-08-12T10:15:26Z",
    "github_reviewed_at": "2025-08-12T19:36:18Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-770"
    ],
    "github_reviewed": true
}
Affected packages

Maven
org.bouncycastle:bcprov-jdk14

Package

Name
org.bouncycastle:bcprov-jdk14
Purl
pkg:maven/org.bouncycastle/bcprov-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.78

Affected versions

1.*
1.38
1.43
1.44
1.45
1.46
1.47
1.48
1.49
1.50
1.51
1.53
1.54
1.55
1.56
1.57
1.58
1.59
1.60
1.61
1.62
1.63
1.64
1.65
1.67
1.68
1.69
1.70
1.71
1.72
1.73
1.74
1.75
1.76
1.77

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"
org.bouncycastle:bcprov-jdk15to18

Package

Name
org.bouncycastle:bcprov-jdk15to18
Purl
pkg:maven/org.bouncycastle/bcprov-jdk15to18

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.78

Affected versions

1.*
1.63
1.64
1.65
1.66
1.67
1.68
1.69
1.70
1.71
1.72
1.73
1.74
1.75
1.76
1.77

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"
org.bouncycastle:bcprov-jdk18on

Package

Name
org.bouncycastle:bcprov-jdk18on
Purl
pkg:maven/org.bouncycastle/bcprov-jdk18on

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.78

Affected versions

1.*
1.71
1.71.1
1.72
1.73
1.74
1.75
1.76
1.77

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"
org.bouncycastle:bctls-jdk14

Package

Name
org.bouncycastle:bctls-jdk14
Purl
pkg:maven/org.bouncycastle/bctls-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.78

Affected versions

1.*
1.61
1.62
1.63
1.64
1.65
1.67
1.68
1.69
1.70
1.71
1.72
1.73
1.74
1.75
1.76
1.77

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"
org.bouncycastle:bctls-jdk15to18

Package

Name
org.bouncycastle:bctls-jdk15to18
Purl
pkg:maven/org.bouncycastle/bctls-jdk15to18

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.78

Affected versions

1.*
1.63
1.64
1.65
1.66
1.67
1.68
1.69
1.70
1.71
1.72
1.73
1.74
1.75
1.76
1.77

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"
org.bouncycastle:bctls-jdk18on

Package

Name
org.bouncycastle:bctls-jdk18on
Purl
pkg:maven/org.bouncycastle/bctls-jdk18on

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.78

Affected versions

1.*
1.71
1.71.1
1.72
1.73
1.74
1.75
1.76
1.77

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"
org.bouncycastle:bc-fips

Package

Name
org.bouncycastle:bc-fips
Purl
pkg:maven/org.bouncycastle/bc-fips

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.2.6

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.2.1
1.0.2.3
1.0.2.4
1.0.2.5

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"
org.bouncycastle:bc-fips

Package

Name
org.bouncycastle:bc-fips
Purl
pkg:maven/org.bouncycastle/bc-fips

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.1

Affected versions

2.*
2.0.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-67mf-3cr5-8w23/GHSA-67mf-3cr5-8w23.json"