VulnerableCode Package Details - pkg:maven/org.bouncycastle/bcpkix-jdk18on@1.73

Search for packages

Vulnerability	Summary	Fixed by
VCID-wqgc-hd9r-zuek Aliases: CVE-2025-8916 GHSA-4cx2-fc23-5wg6	Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java . This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.	1.79 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-wqgc-hd9r-zuek
Aliases:
CVE-2025-8916
GHSA-4cx2-fc23-5wg6

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java . This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.

1.79
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-sz15-payv-uyab	Uncontrolled Resource Consumption Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.	CVE-2023-33202 GHSA-wjxj-5m7g-mg7q

Vulnerability

Summary

Aliases

VCID-sz15-payv-uyab

Uncontrolled Resource Consumption Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

CVE-2023-33202
GHSA-wjxj-5m7g-mg7q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:35:14.460215+00:00	GitLab Importer	Affected by	VCID-wqgc-hd9r-zuek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcpkix-jdk18on/CVE-2025-8916.yml	38.4.0
2026-04-16T22:43:51.827026+00:00	GitLab Importer	Fixing	VCID-sz15-payv-uyab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcpkix-jdk18on/CVE-2023-33202.yml	38.4.0
2026-04-12T00:55:29.850902+00:00	GitLab Importer	Affected by	VCID-wqgc-hd9r-zuek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcpkix-jdk18on/CVE-2025-8916.yml	38.3.0
2026-04-12T00:03:27.399145+00:00	GitLab Importer	Fixing	VCID-sz15-payv-uyab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcpkix-jdk18on/CVE-2023-33202.yml	38.3.0
2026-04-03T01:03:39.513161+00:00	GitLab Importer	Affected by	VCID-wqgc-hd9r-zuek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcpkix-jdk18on/CVE-2025-8916.yml	38.1.0
2026-04-03T00:08:08.418787+00:00	GitLab Importer	Fixing	VCID-sz15-payv-uyab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcpkix-jdk18on/CVE-2023-33202.yml	38.1.0
2026-04-02T17:00:44.335031+00:00	GHSA Importer	Fixing	VCID-sz15-payv-uyab	https://github.com/advisories/GHSA-wjxj-5m7g-mg7q	38.1.0
2026-04-01T12:58:49.662102+00:00	GithubOSV Importer	Fixing	VCID-sz15-payv-uyab	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-wjxj-5m7g-mg7q/GHSA-wjxj-5m7g-mg7q.json	38.0.0
2026-04-01T12:52:08.964011+00:00	GitLab Importer	Fixing	VCID-sz15-payv-uyab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bouncycastle/bcpkix-jdk18on/CVE-2023-33202.yml	38.0.0