Possible DOS in processing specially formed ASN.1 Object Identifiers

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber

Description

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java.

This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.

Basic Information

ID CVE-2025-8885

Source bcorg

Published Aug 12, 2025 at 09:13

Modified Aug 12, 2025 at 18:14

Affected Product

Vendor Legion of the Bouncy Castle Inc.

Product Bouncy Castle for Java

Version BC 1.0

Affected Versions Legion of the Bouncy Castle Inc. Bouncy Castle for Java BC 1.0
Legion of the Bouncy Castle Inc. Bouncy Castle for Java BC-FJA 1.0.0

CWE Classification

CWE-770

References

github.com /bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885

{
    "lastseen": "",
    "description": "Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java.\n\nThis issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.",
    "published": "2025-08-12T09:13:42.770Z",
    "modified": "2025-08-12T18:14:43.796Z",
    "type": "cve",
    "title": "Possible DOS in processing specially formed ASN.1 Object Identifiers",
    "source": "bcorg",
    "references": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885",
    "id": "CVE-2025-8885",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "Legion of the Bouncy Castle Inc. Bouncy Castle for Java BC 1.0\nLegion of the Bouncy Castle Inc. Bouncy Castle for Java BC-FJA 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Bouncy Castle for Java",
    "version": "BC 1.0",
    "vendor": "Legion of the Bouncy Castle Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Possible DOS in processing specially formed ASN.1 Object Identifiers_CVE-2025-8885