Description
A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f.

This vulnerability is associated with program files gcm128w, gcm512w.



This issue affects BC-LTS: from 2.73.0 before 2.73.11.
Published: 2026-05-08
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Legion of the Bouncy Castle Inc. BC-LTS library on Linux for x86_64, AVX, and AVX-512f causes a BadTagException when GCM decryption is performed in chunked mode at certain boundaries. The failure can abort decryption and disrupt any service that relies on the library to process ciphertext, effectively causing a denial‑of‑service condition. The issue is present in the gcm128w and gcm512w modules, and the underlying weakness is reflected in CWE-1068, indicating that externally controlled input can influence internal pointer logic during authentication tag verification.

Affected Systems

The issue affects the BC‑LTS component, version 2.73.0 through 2.73.10, running on Linux x86_64 with AVX or AVX‑512f instruction sets. The problematic modules are gcm128w and gcm512w within that library.

Risk and Exploitability

The CVSS score is 5.1, indicating moderate severity, and the EPSS score is less than 1%, while it is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply crafted, chunked ciphertext to an application that uses BC‑LTS for decryption; this can occur when the attacker can pass input to the decryption API, such as via a network service or any component that processes untrusted data. The impact is primarily availability, as the decryption failure terminates the operation and may disrupt dependent services.

Generated by OpenCVE AI on May 19, 2026 at 01:23 UTC.

Remediation

Vendor Workaround

If possible pass whole message to GCM via doFinal(..) for decryption. Issue only occurs when decryption is chunked at certain boundaries.

OpenCVE Recommended Actions

  • Apply the vendor’s recommended workaround by supplying the entire ciphertext to GCM’s doFinal method so that decryption is performed in a single step, preventing chunking‑induced BadTagExceptions.
  • Implement robust GCM decryption error handling: catch BadTagException, log the incident, and trigger recovery logic so the application does not fail unexpectedly.
  • Monitor the vendor’s advisories for any release that includes a fix for this issue and upgrade the library when it becomes available.

Generated by OpenCVE AI on May 19, 2026 at 01:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-mx76-r943-rf8g Bouncy Castle has a vulnerability in program files gcm128w, gcm512w
History

Tue, 19 May 2026 00:30:00 +0000

Type Values Removed Values Added
References

Tue, 19 May 2026 00:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 through 2.73.10. A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11.
References

Mon, 18 May 2026 23:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2. A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 through 2.73.10.

Sun, 10 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Bouncycastle
Bouncycastle bc-fja
Vendors & Products Bouncycastle
Bouncycastle bc-fja

Fri, 08 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 08 May 2026 06:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2.
Title GCM chunking can lead to bad tag exception on decryption
Weaknesses CWE-1068
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:N/RE:M/U:Amber'}

Subscriptions

Bouncycastle Bc-fja
cve-icon MITRE

Status: PUBLISHED

Assigner: bcorg

Published:

Updated: 2026-05-18T23:39:06.506Z

Reserved: 2026-05-08T05:23:49.585Z

Link: CVE-2026-8149

cve-icon Vulnrichment

Updated: 2026-05-08T12:50:59.531Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-08T07:16:29.603

Modified: 2026-05-19T00:16:37.920

Link: CVE-2026-8149

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T01:30:26Z

Weaknesses