diff --git a/advisories/unreviewed/2026/04/GHSA-574f-3g2m-x479/GHSA-574f-3g2m-x479.json b/advisories/unreviewed/2026/04/GHSA-574f-3g2m-x479/GHSA-574f-3g2m-x479.json index f522409bf55fa..245ba0ad4877e 100644 --- a/advisories/unreviewed/2026/04/GHSA-574f-3g2m-x479/GHSA-574f-3g2m-x479.json +++ b/advisories/unreviewed/2026/04/GHSA-574f-3g2m-x479/GHSA-574f-3g2m-x479.json @@ -1,19 +1,94 @@ { "schema_version": "1.4.0", "id": "GHSA-574f-3g2m-x479", - "modified": "2026-04-17T18:31:50Z", + "modified": "2026-04-17T18:32:00Z", "published": "2026-04-17T18:31:50Z", "aliases": [ "CVE-2025-14813" ], - "details": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher.\n\nGOSTCTR implementation unable to process more than 255 blocks correctly.\n\n\nThis issue affects BC-JAVA: from 1.59 before 1.84.", + "summary": "Use of a Broken or Risky Cryptographic Algorithm", + "details": "The `G3413CTRBlockCipher` class in the Bouncy Castle Java provider (`bcprov`) implements GOST R 34.13-2015 CTR mode using a faulty counter increment that causes the counter to wrap after at most 256 distinct counter values. The same keystream is then reused for subsequent blocks encrypted under the same key and IV, allowing a passive attacker to break the confidentiality of CTR-encrypted data once enough blocks are processed under a single key/IV.\n\nThe fix in `1.84` implements full multi-byte counter increment with carry propagation and raises `IllegalStateException` once the counter space is exhausted, preventing silent keystream reuse.", "severity": [ { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Red" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.bouncycastle:bcprov-jdk14" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.59" + }, + { + "fixed": "1.84" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.bouncycastle:bcprov-jdk15to18" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.63" + }, + { + "fixed": "1.84" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.bouncycastle:bcprov-jdk15on" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.59" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.bouncycastle:bcprov-jdk18on" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.71" + }, + { + "fixed": "1.84" + } + ] + } + ] } ], - "affected": [], "references": [ { "type": "ADVISORY", @@ -27,6 +102,10 @@ "type": "WEB", "url": "https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f" }, + { + "type": "PACKAGE", + "url": "https://github.com/bcgit/bc-java" + }, { "type": "WEB", "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813" @@ -36,7 +115,7 @@ "cwe_ids": [ "CWE-327" ], - "severity": "CRITICAL", + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2026-04-15T10:16:38Z"