mirrored from https://www.bouncycastle.org/repositories/bc-java
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
CVE‐2026‐8149
David Hook edited this page May 22, 2026
·
3 revisions
Title: GCM chunking can lead to bad tag exception on decryption
Issue affecting: BC-LTS 2.73.0 to 2.73.10.
Fixed versions: BC-LTS 2.73.11
Platform affected: Java 8 and later (Intel platforms with AES PAA instructions sets)
Issue shows up intermittently where GCM is invoked for decryption using a combination of update() and then a doFinal(). It is possible to work around it by either using doFinal() only (as the BCJSSE does) or by configuring the module to run in pure Java mode, by setting the system property "org.bouncycastle.native.cpu_variant" to java.