Description
A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f.

This vulnerability is associated with program files gcm128w, gcm512w.



This issue affects BC-FJA: from 2.1.0 through 2.1.2.
Published: 2026-05-08
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Legion of the Bouncy Castle Inc. BC-FJA library causes a BadTagException when GCM decryption is performed in chunked mode at certain boundaries. The failure can terminate decryption and disrupt any service that relies on the library to process ciphertext, effectively causing a denial‑of‑service condition. The underlying weakness is reflected in CWE‑1068, indicating that externally controlled input can influence internal pointer logic during authentication tag verification.

Affected Systems

The issue affects the BC‑FJA component, version 2.1.0 through 2.1.2, running on Linux x86_64 with AVX or AVX‑512f instruction sets. The problematic modules are gcm128w and gcm512w within that library.

Risk and Exploitability

The CVSS score is 5.1, indicating moderate severity, and no EPSS data is available; it is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply crafted, chunked ciphertext to an application that uses BC‑FJA for decryption; this can occur when an attacker can pass input to the decryption API, such as via a network service or any component that processes untrusted data. The impact is primarily availability, as the decryption failure terminates the operation and may disrupt dependent services.

Generated by OpenCVE AI on May 8, 2026 at 08:21 UTC.

Remediation

Vendor Workaround

If possible pass whole message to GCM via doFinal(..) for decryption. Issue only occurs when decryption is chunked at certain boundaries.

OpenCVE Recommended Actions

  • Upgrade BC‑FJA to a release that fixes the chunking bug, such as version 2.1.3 or later.
  • If an immediate upgrade is not feasible, avoid chunking the ciphertext: supply the entire message to the GCM doFinal method so that decryption occurs in one step, as recommended by the vendor.
  • Add explicit error handling around GCM decryption calls; catch BadTagException, log the incident, and implement a recovery path to prevent service failure.

Generated by OpenCVE AI on May 8, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 08 May 2026 06:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2.
Title GCM chunking can lead to bad tag exception on decryption
Weaknesses CWE-1068
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:N/RE:M/U:Amber'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: bcorg

Published:

Updated: 2026-05-08T12:51:03.873Z

Reserved: 2026-05-08T05:23:49.585Z

Link: CVE-2026-8149

cve-icon Vulnrichment

Updated: 2026-05-08T12:50:59.531Z

cve-icon NVD

Status : Received

Published: 2026-05-08T07:16:29.603

Modified: 2026-05-08T07:16:29.603

Link: CVE-2026-8149

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T08:30:04Z

Weaknesses