CVE-2026-8149

Summary

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f.

This vulnerability is associated with program files gcm128w, gcm512w.

This issue affects BC-LTS: from 2.73.0 before 2.73.11.

Affected Software

VendorProductVersion RangeStatus
Legion of the Bouncy Castle Inc.BC-LTS2.73.0 < 2.73.11affected

Weaknesses

  • CWE-1068: CWE-1068

Workarounds

If possible pass whole message to GCM via doFinal(..) for decryption. Issue only occurs when decryption is chunked at certain boundaries.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References