Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.bouncycastle/bcprov-jdk15to18@1.0
Typemaven
Namespaceorg.bouncycastle
Namebcprov-jdk15to18
Version1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.78
Latest_non_vulnerable_version1.84
Affected_by_vulnerabilities
0
url VCID-rary-mqyu-2yes
vulnerability_id VCID-rary-mqyu-2yes
summary 
Bouncy Castle for Java on All (API modules) allows Excessive Allocation
A resource allocation vulnerability exists in Bouncy Castle for Java (by Legion of the Bouncy Castle Inc.) that affects all API modules. The vulnerability allows attackers to cause excessive memory allocation through unbounded resource consumption, potentially leading to denial of service. The issue is located in the ASN1ObjectIdentifier.java file in the core module.

This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8885
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.216
published_at 2026-04-16T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21601
published_at 2026-04-13T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.21659
published_at 2026-04-12T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.21697
published_at 2026-04-11T12:55:00Z
4
value 0.00071
scoring_system epss
scoring_elements 0.21686
published_at 2026-04-09T12:55:00Z
5
value 0.00071
scoring_system epss
scoring_elements 0.21628
published_at 2026-04-08T12:55:00Z
6
value 0.00071
scoring_system epss
scoring_elements 0.21551
published_at 2026-04-07T12:55:00Z
7
value 0.00071
scoring_system epss
scoring_elements 0.218
published_at 2026-04-04T12:55:00Z
8
value 0.00071
scoring_system epss
scoring_elements 0.21745
published_at 2026-04-02T12:55:00Z
9
value 0.00077
scoring_system epss
scoring_elements 0.22872
published_at 2026-04-21T12:55:00Z
10
value 0.00077
scoring_system epss
scoring_elements 0.22909
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8885
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8885
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
5
reference_url https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
6
reference_url https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865
7
reference_url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T18:14:28Z/
url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8885
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8885
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2387790
reference_id 2387790
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2387790
10
reference_url https://github.com/advisories/GHSA-67mf-3cr5-8w23
reference_id GHSA-67mf-3cr5-8w23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67mf-3cr5-8w23
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15to18@1.78
purl pkg:maven/org.bouncycastle/bcprov-jdk15to18@1.78
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15to18@1.78
aliases CVE-2025-8885, GHSA-67mf-3cr5-8w23
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rary-mqyu-2yes
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15to18@1.0