CVE-2025-8916

Description

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java, https://github.com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java. This issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.035

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle-bcpkix-jdk18on 1.79 | Windows
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-jdk15on 1.79 | Windows
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-jdk15to18 1.79 | Windows
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-fips 1.0.8 | Windows
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-fips 2.0.8 | Windows
Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.12.16 | Windows
Multiple Vulnerabilities are affected in IBM App Connect Enterprise 13.0.4.2 | Windows
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle-bcpkix-jdk18on for Linux 1.79 | Linux
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-jdk15on for Linux 1.79 | Linux
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-jdk15to18 for Linux 1.79 | Linux
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-fips for Linux 1.0.8 | Linux
Vulnerabilities CVE-2025-8916 are fixed in BouncyCastle - bcpkix-fips for Linux 2.0.8 | Linux
Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-8916) | NCM

Patch Details

No records found
