CVE-2026-3505 Overview
CVE-2026-3505 is a resource exhaustion vulnerability in the Bouncy Castle Java library (BC-JAVA), specifically in the bcpg PGP modules. It stems from unbounded processing of the PGP AEAD (Authenticated Encryption with Associated Data) chunk size, which lets an attacker trigger resource exhaustion before the message has been authenticated. The weakness is classified as CWE-400 (Uncontrolled Resource Consumption) and can be exploited remotely without authentication.
Critical Impact
Unbounded PGP AEAD chunk size processing enables pre-authentication denial of service through resource exhaustion, potentially impacting any application relying on Bouncy Castle PGP functionality.
Affected Products
- BC-JAVA (bcpg PGP modules) versions before 1.84
- Applications using vulnerable Bouncy Castle bcpg libraries
- Systems processing PGP-encrypted content with affected versions
Discovery Timeline
- April 15, 2026 - CVE-2026-3505 published to NVD
- April 15, 2026 - Last updated in NVD database
Technical Details for CVE-2026-3505
Vulnerability Analysis
The vulnerability exists in the Bouncy Castle Java library's handling of PGP AEAD-encrypted packets. AEAD is a mode of authenticated encryption that provides both confidentiality and integrity for the encrypted data. In OpenPGP (RFC 9580), AEAD-encrypted data is processed in chunks whose size is declared by a single octet c in the packet header, giving a chunk length of 2^(c+6) bytes; the RFC requires implementations to accept values of c from 0 to 16 (64 bytes up to 4 MiB chunks) and forbids producing anything larger. In the affected versions, the library does not enforce a sensible upper bound on this chunk size value before acting on it.
When decrypting a PGP message that uses AEAD, the library allocates memory in proportion to the chunk size declared in the incoming data. An attacker can craft a message whose header carries an excessively large chunk size value, causing the application to attempt to allocate an unreasonable amount of memory. The chunk size octet sits in the unencrypted packet header and is acted on before the chunk's authentication tag can be verified, so the attacker needs neither the recipient's key material nor valid credentials: the message only has to be accepted for decryption.
The resulting resource exhaustion can cause OutOfMemoryError conditions, application crashes, system instability or service unavailability for legitimate users. Because the triggering value travels inside the message itself, any service that decrypts PGP data from untrusted sources (mail gateways, file-transfer endpoints, APIs that accept encrypted uploads) is exposed over the network.
Root Cause
The root cause is missing input validation in the PGP module's AEAD chunk processing: the library does not enforce an upper bound on the attacker-controlled chunk size before sizing resources from it, so an arbitrarily large chunk size translates directly into an arbitrarily large allocation.
Attack Vector
The attack can be executed remotely over the network without requiring user interaction or prior authentication. An attacker sends a specially crafted PGP message containing an excessively large AEAD chunk size value to a vulnerable application. The vulnerable Bouncy Castle library processes this malicious input and attempts to allocate memory based on the attacker-specified size, leading to resource exhaustion.
The attack is particularly effective because:
- No authentication is required (pre-auth exploitation)
- Attack complexity is low
- No user interaction is necessary
- The attack can be automated and scaled
For technical details on the vulnerability mechanism and fix, refer to the official security advisory and commit reference.
Detection Methods for CVE-2026-3505
Indicators of Compromise
- Unusual memory consumption spikes in applications processing PGP data
- Application crashes or java.lang.OutOfMemoryError exceptions whose stack traces pass through Bouncy Castle PGP code (the org.bouncycastle.openpgp and org.bouncycastle.bcpg packages)
- Increased garbage collection activity followed by service unavailability
- Log entries indicating resource allocation failures during PGP decryption operations
Detection Strategies
- Monitor application memory usage for sudden, unexplained spikes during PGP operations
- Implement application-level logging to track PGP message processing and identify anomalous chunk sizes
- Use dependency scanning tools, or the build tool itself (mvn dependency:tree, gradle dependencies), to find bcpg artifacts older than 1.84, including those pulled in transitively
- Configure JVM monitoring to alert on excessive heap allocation attempts
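The dependency check above, as an added example that is not part of the original page or of Bouncy Castle itself: it walks mvn dependency:tree output and flags every org.bouncycastle bcpg* artifact below the 1.84 release quoted in this advisory. The sample tree is constructed for the example; the artifact coordinates follow Bouncy Castle's published naming, and routing the LTS artifacts (which use their own 2.73.x version line) to manual review rather than comparing them against 1.84 is this example's own assumption.

```python
"""Flag Bouncy Castle bcpg artifacts older than the fixed release in `mvn dependency:tree` output."""
import re

FIXED_VERSION = "1.84"  # fixed mainline release named in the advisory
MAVEN_SCOPES = {"compile", "provided", "runtime", "test", "system", "import"}


def version_key(version: str):
    """Numeric components of a version string, e.g. '1.78.1' -> (1, 78, 1), for ordering."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def parse_coordinate(token: str):
    """Split 'group:artifact:type[:classifier]:version[:scope]' into (group, artifact, version)."""
    parts = token.split(":")
    if len(parts) < 4:
        return None
    # dependency:tree prints the scope last for dependencies but not for the root project
    version = parts[-2] if parts[-1] in MAVEN_SCOPES else parts[-1]
    return parts[0], parts[1], version


def classify_bcpg(artifact: str, version: str) -> str:
    """Decide what the advisory's 'before 1.84' threshold means for one bcpg artifact."""
    if "lts" in artifact:
        # Assumption for this example: the LTS line (bcpg-lts8on, versions 2.73.x) has its own
        # numbering, so a numeric comparison against 1.84 is meaningless; hand it to a human.
        return "review"
    return "vulnerable" if version_key(version) < version_key(FIXED_VERSION) else "fixed"


def scan_dependency_tree(text: str):
    """Return [(artifact, version, status)] for every org.bouncycastle bcpg* artifact in the tree."""
    findings = []
    for line in text.splitlines():
        # Coordinates contain no spaces and at least three colons; tree-drawing prefixes do not.
        tokens = [t for t in line.split() if t.count(":") >= 3]
        if not tokens:
            continue
        coord = parse_coordinate(tokens[0])
        if coord is None:
            continue
        group, artifact, version = coord
        if group == "org.bouncycastle" and artifact.startswith("bcpg"):
            findings.append((artifact, version, classify_bcpg(artifact, version)))
    return findings


def has_vulnerable_bcpg(text: str) -> bool:
    """True if any mainline bcpg artifact in the tree is older than the fixed release."""
    return any(status == "vulnerable" for _, _, status in scan_dependency_tree(text))


# Constructed `mvn dependency:tree` output for this example; the application is fictional.
SAMPLE_TREE = """\
[INFO] com.example:pgp-gateway:jar:2.3.0
[INFO] +- org.bouncycastle:bcpg-jdk18on:jar:1.78.1:compile
[INFO] |  \\- org.bouncycastle:bcprov-jdk18on:jar:1.78.1:compile
[INFO] +- org.bouncycastle:bcpg-jdk15to18:jar:1.84:compile
[INFO] +- org.bouncycastle:bcpg-lts8on:jar:2.73.6:compile
[INFO] \\- ch.qos.logback:logback-classic:jar:1.5.6:runtime
"""

if __name__ == "__main__":
    for artifact, version, status in scan_dependency_tree(SAMPLE_TREE):
        print(f"{status:10} org.bouncycastle:{artifact}:{version}")
```

Run it against real output with `mvn dependency:tree | python scan_bcpg.py` after replacing SAMPLE_TREE with sys.stdin.read(); the bcprov artifact is deliberately ignored because the advisory names only the bcpg PGP modules.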
Monitoring Recommendations
- Set up alerts for memory utilization exceeding baseline thresholds in PGP-processing services
- Implement rate limiting on endpoints that accept PGP-encrypted content
- Monitor application health endpoints for service degradation patterns
- Track and analyze exception logs for java.lang.OutOfMemoryError and related resource exhaustion errors
How to Mitigate CVE-2026-3505
Immediate Actions Required
- Upgrade Bouncy Castle BC-JAVA to version 1.84 or later
- Review applications for Bouncy Castle bcpg dependencies, including transitive ones, and prioritize patching; in Maven, pin the version in dependencyManagement so that a transitive declaration cannot reintroduce an older release
- Implement resource limits at the application or container level as a defense-in-depth measure
- If an immediate upgrade is not feasible, reject AEAD-encrypted packets (v2 SEIPD packets, and the draft-era AEAD Encrypted Data packet, tag 20) at the application boundary before they reach the library; legacy v1 SEIPD messages carry no chunk size field
Patch Information
The vulnerability has been addressed in Bouncy Castle BC-JAVA version 1.84. The fix introduces proper validation and limits on AEAD chunk sizes to prevent resource exhaustion attacks. Organizations should update their dependencies to version 1.84 or later as soon as possible.
Patch details are available in the GitHub commit.
Workarounds
- Validate input at the application layer before passing data to Bouncy Castle: parse the packet headers and reject AEAD packets whose chunk size octet is above what the service is willing to buffer (RFC 9580 caps the octet at 16, i.e. 4 MiB chunks)
- Configure JVM heap limits (-Xmx) so that an oversized allocation fails inside the JVM rather than exhausting the host, and pair them with -XX:+ExitOnOutOfMemoryError so that an orchestrator restarts a wedged process instead of leaving it half-alive
- Deploy network-level filtering to limit the size of incoming PGP messages, and rate-limit the endpoints that accept them
- Do not rely on payload size limits or a generic WAF rule alone: the dangerous value is a single header octet, so a message of a few hundred bytes can declare multi-gigabyte chunks. A filter is only effective if it inspects the chunk size field itself
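The application-layer pre-filter described in the workaround list above, and the chunk-size arithmetic explained in the vulnerability analysis, as an added example that is not part of the original page and is not Bouncy Castle code. It walks the OpenPGP packet sequence of a message (new- and old-format headers, including partial body lengths, per RFC 9580), reads the chunk size octet from v2 SEIPD (tag 18) and draft AEAD Encrypted Data (tag 20) packets, and rejects the message before the library sees it if the declared chunk exceeds a configurable budget. The packet samples, the default budget and all function names are this example's own constructions.

```python
"""Reject OpenPGP messages that declare oversized AEAD chunks before they reach the PGP library."""

TAG_SEIPD = 18       # Symmetrically Encrypted Integrity Protected Data; version 2 carries AEAD fields
TAG_AEAD_DATA = 20   # AEAD Encrypted Data packet from the RFC 4880bis draft, still seen in the wild
RFC9580_MAX_CHUNK_OCTET = 16   # RFC 9580 5.13.2: chunk length is 2**(c+6) and c MUST NOT exceed 16


class RejectedMessage(ValueError):
    """Raised when a message declares an AEAD chunk size the service will not buffer."""


def chunk_length(c: int) -> int:
    """Bytes per AEAD chunk for chunk-size octet c."""
    return 1 << (c + 6)


def _read_new_format_length(data: bytes, pos: int):
    """Decode a new-format body length; returns (length, next_pos, is_partial)."""
    b = data[pos]
    if b < 192:
        return b, pos + 1, False
    if b < 224:
        return ((b - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if b == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (b & 0x1F), pos + 1, True        # partial body length, more segments follow


def iter_packets(data: bytes):
    """Yield (tag, body) for each top-level packet, reassembling partial-length bodies."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"offset {pos}: not an OpenPGP packet header")
        pos += 1
        body = bytearray()
        if ctb & 0x40:                               # new-format header
            tag = ctb & 0x3F
            partial = True
            while partial:
                length, pos, partial = _read_new_format_length(data, pos)
                if pos + length > len(data):
                    raise ValueError(f"tag {tag}: truncated packet body")
                body += data[pos:pos + length]
                pos += length
        else:                                        # old-format header
            tag = (ctb >> 2) & 0x0F
            length_type = ctb & 0x03
            if length_type == 3:                     # indeterminate length: runs to end of input
                length = len(data) - pos
            else:
                n = (1, 2, 4)[length_type]
                length = int.from_bytes(data[pos:pos + n], "big")
                pos += n
            if pos + length > len(data):
                raise ValueError(f"tag {tag}: truncated packet body")
            body += data[pos:pos + length]
            pos += length
        yield tag, bytes(body)


def aead_chunk_octet(tag: int, body: bytes):
    """Return the chunk-size octet if this packet is AEAD-encrypted, else None."""
    if len(body) < 4:
        return None
    if tag == TAG_SEIPD and body[0] == 2:       # v2 SEIPD: version, cipher, AEAD mode, chunk size, salt
        return body[3]
    if tag == TAG_AEAD_DATA and body[0] == 1:   # tag 20 v1: version, cipher, AEAD mode, chunk size, IV
        return body[3]
    return None


def check_message(data: bytes, max_chunk_bytes: int = chunk_length(RFC9580_MAX_CHUNK_OCTET)):
    """Return [(tag, c, chunk_bytes)] for every AEAD packet found, or raise RejectedMessage."""
    found = []
    for tag, body in iter_packets(data):
        c = aead_chunk_octet(tag, body)
        if c is None:
            continue
        if c > RFC9580_MAX_CHUNK_OCTET or chunk_length(c) > max_chunk_bytes:
            raise RejectedMessage(
                f"tag {tag}: chunk-size octet {c} means 2**{c + 6} bytes per chunk, above {max_chunk_bytes}")
        found.append((tag, c, chunk_length(c)))
    return found


def _seipd_v2(chunk_octet: int, payload: bytes = bytes(64)) -> bytes:
    """Constructed v2 SEIPD packet (AES-256, OCB) for this example; ciphertext bytes are dummies."""
    body = bytes([2, 9, 2, chunk_octet]) + bytes(32) + payload
    return bytes([0xC0 | TAG_SEIPD, len(body)]) + body   # new-format header, one-octet length


# Constructed samples: a stub PKESK (tag 1) followed by the encrypted data packet.
PKESK_STUB = bytes([0xC0 | 1, 3, 3, 0, 0])
BENIGN_MESSAGE = PKESK_STUB + _seipd_v2(6)         # 2**12 = 4 KiB chunks
HOSTILE_MESSAGE = PKESK_STUB + _seipd_v2(0xFF)     # header claims 2**261-byte chunks
_body = _seipd_v2(6)[2:]                           # same packet, body split with a partial length
PARTIAL_MESSAGE = bytes([0xC0 | TAG_SEIPD, 0xE4]) + _body[:16] + bytes([len(_body) - 16]) + _body[16:]

if __name__ == "__main__":
    print("benign:", check_message(BENIGN_MESSAGE))
    try:
        check_message(HOSTILE_MESSAGE)
    except RejectedMessage as err:
        print("rejected:", err)
```

The budget defaults to the RFC 9580 ceiling (4 MiB); a service that only ever receives small messages can pass a tighter max_chunk_bytes and make the check_message call the gate in front of the decryption call. The scanner deliberately does not decrypt or verify anything, which is the point: the decision is taken on header bytes alone, so no key material is needed and no chunk is buffered.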
# Example: setting a JVM heap ceiling to contain the impact of an oversized allocation
# (adjust the sizes to the service's real working set; an OutOfMemoryError still
# fails the request, so this limits blast radius rather than preventing the attack)
java -Xmx512m -Xms256m -jar your-application.jar

Example: Maven dependency update to the patched release. Add to pom.xml, using the bcpg artifact that matches your JDK baseline (bcpg-jdk18on shown here):
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpg-jdk18on</artifactId>
    <version>1.84</version>
</dependency>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

