3 matches found
CVE-2026-15997
BC-LTS bcprov-lts8on (ARM) contains a native C vulnerability in SHA3/SHAKE handling: restoreFullState may underflow size_t in crafted encoded state, enabling an out-of-bounds write. Affects BC-LTS 2.73.0–before 2.73.12.1; control flows that accept memoable SHA3/SHAKE states from untrusted sources...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in DisposalDaemon.java. In high-core environments under heavy load, the disposal thread can fall behind and allow excessive memory use. Note This issue was reported for environments...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the AESNativeCBC class due to the use of a private instance class, rather than a private static class. An attacker can cause heap exhaustion by triggering excessive memory allocati...