CVE-2026-8149
Legion of the Bouncy Castle BC-FJA BC-FIPS Buffer Overflow
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: bcorg
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| legion_of_the_bouncy_castle_inc | bc-fja | From 2.1.0 (inc) to 2.1.2 (inc) |
| legion_of_the_bouncy_castle_inc | bc-fips | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1068 | The implementation of the product is not consistent with the design as described within the relevant documentation. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Legion of the Bouncy Castle Inc.'s BC-FJA and BC-FIPS software on Linux systems using X86_64 architecture with AVX and AVX-512f instruction sets. It is related to the program files gcm128w and gcm512w and impacts versions 2.1.0 through 2.1.2 of BC-FJA.
How can this vulnerability impact me? :
The vulnerability has a CVSS v4.0 base score of 5.1, indicating a moderate severity. It involves local attack vector with low complexity and no privileges or user interaction required. The exact impact details are not specified, but given the affected components relate to cryptographic functions (gcm128w, gcm512w), it could potentially affect the security or integrity of cryptographic operations.