Home

Description

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

PUBLISHED Reserved 2026-03-04 | Published 2026-04-15 | Updated 2026-05-18 | Assigner bcorg




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-770 Allocation of resources without limits or throttling

CWE-400 Uncontrolled Resource Consumption

Product status

Default status
unaffected

1.74 (maven) before 1.80.2
affected

1.81 (maven) before 1.81.1
affected

1.82 (maven) before 1.84
affected

Credits

Disclosure <disclosure@aisle.com> finder

References

github.com/bcgit/bc-java/wiki/CVE‐2026‐3505 vendor-advisory

github.com/...ommit/dc7530939ffb6cdb57636f3609d98e23b94e71c1 patch

cve.org (CVE-2026-3505)

nvd.nist.gov (CVE-2026-3505)

Download JSON