CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
Configurations

No configuration.

History

30 Jun 2026, 03:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References
  • () https://access.redhat.com/errata/RHSA-2026:13631 -
  • () https://access.redhat.com/errata/RHSA-2026:17668 -
  • () https://access.redhat.com/errata/RHSA-2026:18054 -
  • () https://access.redhat.com/errata/RHSA-2026:18055 -
  • () https://access.redhat.com/errata/RHSA-2026:18059 -
  • () https://access.redhat.com/security/cve/CVE-2026-3505 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2458638 -
  • () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3505.json -

19 May 2026, 00:16

Type Values Removed Values Added
Summary (en) Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java. This issue affects BC-JAVA: from 1.74 before 1.84. (en) Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

21 Apr 2026, 17:16

Type Values Removed Values Added
Summary (en) Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules).This issue affects BC-JAVA: before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. (en) Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java. This issue affects BC-JAVA: from 1.74 before 1.84.

15 Apr 2026, 11:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-15 10:16

Updated : 2026-06-30 03:19


NVD link : CVE-2026-3505

Mitre link : CVE-2026-3505

CVE.ORG link : CVE-2026-3505


JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling