Skip to main content

BC-LTS bcprov EUVDEUVD-2026-45068

| CVE-2026-15997 LOW
Out-of-bounds Write (CWE-787)
2026-07-16 bcorg GHSA-hcmw-xv23-7hqq
1.7
CVSS 4.0 · Vendor: bcorg

Severity by source

Vendor (bcorg) PRIMARY
1.7 LOW
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:A/V:D/RE:M/U:Amber
vuln.today AI
4.7 MEDIUM

Local vector and high complexity reflect ARM-only native code path and mandatory memoable-state feature exposure; no integrity or availability impact is asserted; confidentiality impact aligns with official CVSS 4.0 VC:H rating.

3.1 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (bcorg).

CVSS VectorVendor: bcorg

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:A/V:D/RE:M/U:Amber
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
A
Scope
P

Lifecycle Timeline

2
Patch available
Jul 17, 2026 - 02:32 EUVD
Analysis Generated
Jul 16, 2026 - 22:46 vuln.today

DescriptionCVE.org

Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers.

This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C.

This issue affects BC-LTS: from 2.73.0 before 2.73.12.1.

Issue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources.

AnalysisAI

Out-of-bounds write in Bouncy Castle BC-LTS bcprov-lts8on affects ARM deployments running versions 2.73.0 through 2.73.12.0, with high confidentiality impact if successfully exploited. The flaw resides in ARM-specific native C implementations of SHA3 and SHAKE algorithms and is only triggered when an application accepts memoable SHA3/SHAKE cryptographic states from potentially untrusted external sources. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify application accepting memoable SHA3/SHAKE state on ARM
Delivery
Craft malicious serialized SHA3/SHAKE state blob
Exploit
Deliver crafted payload to application input surface
Execution
Trigger out-of-bounds write in native ARM SHA3/SHAKE code
Impact
Access corrupted adjacent memory to achieve confidentiality impact

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following conditions to be met simultaneously: the application must be running on ARM hardware, as the flaw is in ARM-specific native C code and does not affect other architectures; the application must be using BC-LTS bcprov-lts8on versions 2.73.0 through 2.73.12.0; and the application must be explicitly accepting and restoring memoable SHA3 or SHAKE cryptographic state from a source that an attacker controls or can influence, such as user-supplied bytes, external API payloads, or deserialized input. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 1.7, combined with the supplemental E:U (exploitation unreported), accurately conveys that real-world risk is very narrow despite the High confidentiality impact metric. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can supply a crafted memoable SHA3/SHAKE state blob to a Java application using BC-LTS on ARM - for example, through a file upload endpoint, a deserialization flow, or an API that accepts externally-provided cryptographic state - could trigger the out-of-bounds write in the native C layer. Given the high complexity and multiple required preconditions, exploitation would require application-level research to identify a viable input path that reaches the memoable state restoration logic. …
Remediation The primary remediation is to upgrade BC-LTS bcprov-lts8on to version 2.73.12.1 or later, which resolves the out-of-bounds write in the ARM SHA3/SHAKE native code. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

EUVD-2026-45068 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy