All 5 CVE vulnerabilities found in BC-JAVA, with AI-generated Chinese analysis, references, and POCs.
Vendor: Legion of the Bouncy Castle Inc.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3505 | Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. CWE-770 | 7.5 | - | 2026-04-15 |
| CVE-2026-5588 | PKIX draft CompositeVerifier accepts empty signature sequence as valid. CWE-327 | 9.1 | - | 2026-04-15 |
| CVE-2026-5598 | Non-constant time comparisons risk private key leakage in FrodoKEM. CWE-385 | 5.9 | - | 2026-04-15 |
| CVE-2026-0636 | LDAP Injection Vulnerability in LDAPStoreHelper.java CWE-90 | 9.8 | - | 2026-04-15 |
| CVE-2025-14813 | GOSTCTR implementation unable to process more than 255 blocks correctly CWE-327 | 7.5 | - | 2026-04-15 |
All 5 known CVE vulnerabilities affecting BC-JAVA with full Chinese analysis, references, and POCs where available.