CVE-2025-12194
Description
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCFB.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeGCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/SHA256NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeEngine.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCBC.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/fips/AESNativeCTR.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCFB.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeGCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeEngine.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCBC.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeGCMSIV.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCCM.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/engines/AESNativeCTR.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA256NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA224NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA3NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHAKENativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA512NativeDigest.Java, core/src/main/jdk1.9/org/bouncycastle/crypto/digests/SHA384NativeDigest.Java.
This issue affects Bouncy Castle for Java FIPS: from 2.1.0 through 2.1.1; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.bouncycastle:bc-fips (Maven) | >= 2.1.0, < 2.1.2 | 2.1.2 |
| org.bouncycastle:bcprov-debug-lts8on (Maven) | >= 2.73.0, < 2.73.8 | 2.73.8 |
Affected products (86)
- Range: >= 2.73.0, <= 2.73.7
- osv-coords (85 packages):
- pkg:apk/chainguard/guacamole-client-extensions (no CPE), range: < 1.6.0-r2
- pkg:apk/chainguard/logstash-fips-9.4 (no CPE), range: < 9.4.1-r1
- pkg:apk/chainguard/logstash-fips-9.4-iamguarded-compat (no CPE), range: < 9.4.1-r1
- pkg:apk/chainguard/opensearch-3 (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-alerting (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-analysis-icu (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-analysis-kuromoji (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-analysis-nori (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-analysis-phonetic (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-analysis-smartcn (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-analysis-stempel (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-analysis-ukrainian (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-anomaly-detection (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-asynchronous-search (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-cross-cluster-replication (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-crypto-kms (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-custom-codecs (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-discovery-azure-classic (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-discovery-ec2 (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-discovery-gce (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-geospatial (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-identity-shiro (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-index-management (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-ingest-attachment (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-job-scheduler (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-k-nn (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-mapper-annotated-text (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-mapper-murmur3 (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-mapper-size (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-ml-commons (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-neural-search (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-notifications (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-observability (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-performance-analyzer (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-reporting (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-repository-azure (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-repository-gcs (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-repository-s3 (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-security (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-security-analytics (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-sql (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-store-smb (no CPE), range: < 3.3.2-r0
- pkg:apk/chainguard/opensearch-3-telemetry-otel (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3 (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-alerting (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-analysis-icu (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-analysis-kuromoji (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-analysis-nori (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-analysis-phonetic (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-analysis-smartcn (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-analysis-stempel (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-analysis-ukrainian (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-anomaly-detection (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-asynchronous-search (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-cross-cluster-replication (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-crypto-kms (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-custom-codecs (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-discovery-azure-classic (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-discovery-ec2 (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-discovery-gce (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-geospatial (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-identity-shiro (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-index-management (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-ingest-attachment (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-job-scheduler (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-k-nn (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-mapper-annotated-text (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-mapper-murmur3 (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-mapper-size (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-ml-commons (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-neural-search (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-notifications (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-observability (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-performance-analyzer (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-reporting (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-repository-azure (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-repository-gcs (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-repository-s3 (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-security (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-security-analytics (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-sql (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-store-smb (no CPE), range: < 3.3.2-r0
- pkg:apk/wolfi/opensearch-3-telemetry-otel (no CPE), range: < 3.3.2-r0
- pkg:maven/org.bouncycastle/bc-fips (no CPE), range: >= 2.1.0, < 2.1.2
- pkg:maven/org.bouncycastle/bcprov-debug-lts8on (no CPE), range: >= 2.73.0, < 2.73.8