{"id":"CVE-2025-9341","summary":"Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion","details":"Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java, org/bouncycastle/crypto/engines/AESNativeCBC.Java.\n\nThis issue affects Bouncy Castle for Java FIPS: 2.1.0; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7.","aliases":["GHSA-jfcv-jv9g-2vx2"],"modified":"2026-07-15T01:49:06.445078539Z","published":"2025-08-22T09:09:17.111Z","database_specific":{"cna_assigner":"bcorg","cwe_ids":["CWE-400"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9341.json","unresolved_ranges":[{"extracted_events":[{"introduced":"2.1.0"},{"last_affected":"2.1.0"}],"source":"AFFECTED_FIELD"}]},"references":[{"type":"WEB","url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%909341"},{"type":"WEB","url":"https://repo1.maven.org/maven2/org/bouncycastle"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9341.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9341"},{"type":"PACKAGE","url":"https://github.com/bcgit/bc-lts-java"},{"type":"PACKAGE","url":"ssh://bcgit@git.bouncycastle.org:bc-fips-2.1.X-java.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bcgit/bc-lts-java","events":[{"introduced":"468b5082f3f0971e80bf9edb7029c17b39b9ba0c"},{"last_affected":"d12b4c076c57eba0d226d422fd7ad2669758d876"}],"database_specific":{"extracted_events":[{"introduced":"2.73.0"},{"last_affected":"2.73.7"}],"source":"AFFECTED_FIELD"}}],"versions":["r2rv73dot7","r2rv73dot6","r2rv73dot4","r2rv73dot3","r2rv73dot1","r2rv73dot0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9341.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:U/V:C/RE:M/U:Amber"}]}