Legion Of The Bouncy Castle Inc Bc-Java vulnerabilities

5 known vulnerabilities affecting legion_of_the_bouncy_castle_inc/bc-java.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2026-5598 | CRITICAL | CVSS 10.0 | ≥ 2.17.3, < 1.84 | 2026-04-15
CWE-385. Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 2.17.3 before 1.84.
Source: nvd

CVE-2025-14813 | CRITICAL | CVSS 9.3 | ≥ 1.59, < 1.84 | 2026-04-15
CWE-327. Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 before 1.84.
Source: nvd

CVE-2026-3505 | HIGH | CVSS 8.7 | ≥ 1.74, < 1.84 | 2026-04-15
CWE-400. Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This issue affects BC-JAVA: before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.
Source: nvd

CVE-2026-5588 | MEDIUM | CVSS 6.3 | ≥ 1.67, < 1.84 | 2026-04-15
CWE-327. Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules). PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84.
Source: nvd

CVE-2026-0636 | MEDIUM | CVSS 5.5 | ≥ 1.74, < 1.84 | 2026-04-15
CWE-90. Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84.
Source: nvd

Legion Of The Bouncy Castle Inc Bc-Java vulnerabilities | cvebase