CVE-2025-8916

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-8916
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8916.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-8916
Aliases
Downstream
Related
Published
2025-08-13T09:31:21.181Z
Modified
2026-05-18T05:57:38.380236047Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber CVSS Calculator
Summary
Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer
Details

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java.

This issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "1.0.0"
                },
                {
                    "last_affected": "1.0.7"
                },
                {
                    "introduced": "2.0.0"
                },
                {
                    "last_affected": "2.0.7"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8916.json",
    "cna_assigner": "bcorg",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/bcgit/bc-java

Affected ranges

Type
GIT
Repo
https://github.com/bcgit/bc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
30c6cc60ef5aa9062a083a8cea3e5c4f96d91a2a
Database specific 
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.44"
        },
        {
            "last_affected": "1.78"
        }
    ]
}

Affected versions

Other
r1rv73
r1rv74
r1rv75
r1rv76
r1rv77
r1rv78

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8916.json"