CVE-2025-9341
Issue affecting: BC-FJA 2.1.0, BC-LTS 2.73.0
Fixed versions: BC-FJA 2.1.1, BC-LTS 2.73.8
Platform affected: All JVMs.
The use of a private instance class, rather than a private static class, in the AESNativeCBC class caused some garbage collectors to fail to collect native CBC ciphers when no longer in use. This could lead to OutOfMemoryError and subsequent failure of the calling application. The class has now been replaced with a private static class.
It should be noted that while we have received reports of this issue for BC-FJA 2.1.0, we have not received any for BC-LTS 2.73.7. However, analysis indicates that it must be present and should show up eventually if not dealt with by upgrading.
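The general Java mechanism behind this class of leak, as an added example that is not Bouncy Castle's code: a non-static inner class instance carries a hidden reference to its enclosing object, so a cleanup action of that kind keeps the owner reachable. All class names are hypothetical, and the use of `java.lang.ref.Cleaner` (Java 9+) as the cleanup mechanism is an assumption made for this demonstration.

```java
import java.lang.ref.Cleaner;
import java.lang.ref.WeakReference;

public class InnerClassLeakDemo {
    static final Cleaner CLEANER = Cleaner.create();

    // Hypothetical stand-in for a cipher that owns a native handle.
    static class LeakyCipher {
        private final long nativeRef;
        // Inner (non-static) class: reading nativeRef goes through the hidden
        // LeakyCipher.this reference, so the action pins its owner in memory.
        private class Disposer implements Runnable {
            public void run() { System.out.println("released handle " + nativeRef); }
        }
        LeakyCipher(long handle) {
            nativeRef = handle;
            CLEANER.register(this, new Disposer()); // Cleaner -> Disposer -> this
        }
    }

    // Same shape with a static nested class: the action copies the handle
    // and holds no reference back to the cipher object.
    static class FixedCipher {
        private final long nativeRef;
        private static class Disposer implements Runnable {
            private final long ref;
            Disposer(long ref) { this.ref = ref; }
            public void run() { System.out.println("released handle " + ref); }
        }
        FixedCipher(long handle) {
            nativeRef = handle;
            CLEANER.register(this, new Disposer(nativeRef));
        }
    }

    // Requests GC a bounded number of times and reports whether the referent was cleared.
    static boolean collected(WeakReference<?> ref) throws InterruptedException {
        for (int i = 0; i < 20 && ref.get() != null; i++) {
            System.gc();
            Thread.sleep(50);
        }
        return ref.get() == null;
    }

    public static void main(String[] args) throws InterruptedException {
        WeakReference<Object> leaky = new WeakReference<>(new LeakyCipher(1L)); // constructed handle
        WeakReference<Object> fixed = new WeakReference<>(new FixedCipher(2L)); // constructed handle
        System.out.println("inner-class owner collected:  " + collected(leaky));
        System.out.println("static-class owner collected: " + collected(fixed));
    }
}
```

In a service that creates many ciphers, each retained owner also retains its native allocation, which is why the symptom surfaces as memory growth rather than an immediate error.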
Fix Commits
https://github.com/bcgit/bc-lts-java/commit/e911e12db80b691a49bc8ff9ff9d418a9b6b42f1