This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C.
This issue affects BC-LTS: from 2.73.0 before 2.73.12.1.
Issue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://github.com/bcgit/bc-lts-java/wiki/CVE-2026-15997 |
|
Fri, 17 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers. This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C. This issue affects BC-LTS: from 2.73.0 before 2.73.12.1. Issue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources. | |
| Title | Native ARM SHA3 / SHAKE `restoreFullState` fails to detect size_t underflow in a crafted encoded state | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: bcorg
Published:
Updated: 2026-07-17T13:12:39.282Z
Reserved: 2026-07-16T21:47:28.715Z
Link: CVE-2026-15997
Updated: 2026-07-17T13:12:26.431Z
No data.
No data.
OpenCVE Enrichment
No data.