Description
Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers.
This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C.
This issue affects BC-LTS: from 2.73.0 before 2.73.12.1.
Issue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources.
This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C.
This issue affects BC-LTS: from 2.73.0 before 2.73.12.1.
Issue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://github.com/bcgit/bc-lts-java/wiki/CVE-2026-15997 |
|
History
Thu, 16 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers. This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C. This issue affects BC-LTS: from 2.73.0 before 2.73.12.1. Issue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources. | |
| Title | Native ARM SHA3 / SHAKE `restoreFullState` fails to detect size_t underflow in a crafted encoded state | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: bcorg
Published:
Updated: 2026-07-16T22:17:16.525Z
Reserved: 2026-07-16T21:47:28.715Z
Link: CVE-2026-15997
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-787
Out-of-bounds Write