mirrored from https://www.bouncycastle.org/repositories/bc-java
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
CVE‐2025‐9340
David Hook edited this page Aug 29, 2025
·
2 revisions
Issue affecting: BC Java 2.1.0, BC-LTS 2.73.0 to BC-LTS 2.73.7
Fixed versions: BC Java 2.1.1, BC-LTS 2.73.8
Platform affected: All JVMs.
The JCE Cipher.doFinal() which takes input and output arrays can accidentally overwrite input where the two arrays are the same and the output is offset to a different value from the input offset leading to the production of garbage encryptions/decrytions.