Allocation of Resources Without Limits or Throttling
CiphertextHeader.java allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with new byte may depend on untrusted input within the header of encoded data.