CVE-2026-15997
BC-LTS bcprov-lts8on (ARM) contains a native C vulnerability in SHA3/SHAKE handling: restoreFullState may underflow size_t in crafted encoded state, enabling an out-of-bounds write. Affects BC-LTS 2.73.0–before 2.73.12.1; control flows that accept memoable SHA3/SHAKE states from untrusted sources...