VDB
GHSA-cj8j-37rh-8475
GHSA-cj8j-37rh-8475
PUBLISHED
CVSS 8.699999809265137 HIGH
Bouncy Castle Uncontrolled Resource Consumption vulnerability
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.bouncycastle:bcpg-jdk15on | 0, 0, 0 |
| Maven | org.bouncycastle:bcpg-jdk14 | 1.84, 0, 0 |
| Maven | org.bouncycastle:bcpg-jdk18on | 0, 0, 1.84 |
| Maven | org.bouncycastle:bcpg-jdk12 | 0, 0, 0 |
| Maven | org.bouncycastle:bcpg-jdk16 | 0, 0, 0 |
| Maven | org.bouncycastle:bcpg-jdk15to18 | 0, 0, 0 |
| Maven | org.bouncycastle:bcpg-jdk15 | 0, 0, 0 |
Exploit Intelligence
- dependency-check-suppress.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
Timeline
- Apr 17, 2026 CVE Published
- Apr 18, 2026 CVE Updated
- Apr 18, 2026 Security Advisory
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-3505 advisory
- https://github.com/bcgit/bc-java/commit/dc7530939ffb6cdb57636f3609d98e23b94e71c1 url
- https://github.com/bcgit/bc-java package
- https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%903505 url
- Bouncy Castle Uncontrolled Resource Consumption vulnerability advisory