CVE-2025-9341

Source
https://cve.org/CVERecord?id=CVE-2025-9341
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9341.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-9341
Aliases
Published
2025-08-22T09:09:17.111Z
Modified
2026-07-08T07:28:22.216812229Z
Severity
  • 5.9 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:U/V:C/RE:M/U:Amber CVSS Calculator
Summary
Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion
Details

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java, org/bouncycastle/crypto/engines/AESNativeCBC.Java.

This issue affects Bouncy Castle for Java FIPS: 2.1.0; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.1.0"
                },
                {
                    "last_affected": "2.1.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9341.json",
    "cna_assigner": "bcorg",
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/bcgit/bc-lts-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-lts-java
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "2.73.0"
        },
        {
            "last_affected": "2.73.7"
        }
    ]
}

Affected versions

Other
r2rv73dot0
r2rv73dot1
r2rv73dot3
r2rv73dot4
r2rv73dot6
r2rv73dot7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9341.json"