Bug 2458640 (CVE-2025-14813)
| Summary: | CVE-2025-14813 bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aazores, anthomas, ant, aschwart, asoldano, aszczucz, ataylor, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, bstansbe, ccranfor, cescoffi, chfoley, cmah, dandread, dbruscin, dhanak, dkreling, dlofthou, drichtar, drosa, eaguilar, ebaron, ehelms, ewittman, fmariani, fmongiar, ggainey, gmalinko, gsmet, gtanzill, ibek, istudens, ivassile, iweiss, janstey, jbuscemi, jkoehler, jmartisk, jnethert, jolong, jpechane, jrokos, juwatts, jwon, kvanderr, lphiri, lthon, manderse, mcarlett, mhulan, mnovotny, mosmerov, mposolda, msvehla, nipatil, nmoumoul, nwallace, olubyans, osousa, pantinor, pberan, pcreech, pdelbell, pesilva, pgallagh, pjindal, pmackay, probinso, rchan, rgodfrey, rguimara, rhel-process-autobot, rkubis, rmartinc, rruss, rstancel, rstepani, rsvoboda, sausingh, sbiarozk, sdawley, smaestri, smallamp, ssilvert, sthorger, swoodman, tcunning, thjenkin, tmalecek, tqvarnst, vdosoudi, vmuzikar, watson-tool-maintainers, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the `G3413CTRBlockCipher`, potentially leading to the recovery and access of encrypted data.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2463500, 2463501, 2463502, 2463503, 2463504, 2463505, 2463506, 2463507, 2463508, 2463509, 2463510 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-04-15 10:01:50 UTC
This issue has been addressed in the following products: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 Via RHSA-2026:13631 https://access.redhat.com/errata/RHSA-2026:13631 This issue has been addressed in the following products: Red Hat AMQ Broker 7.13.5 Via RHSA-2026:14272 https://access.redhat.com/errata/RHSA-2026:14272 This issue has been addressed in the following products: Red Hat AMQ Broker 7.12.7 Via RHSA-2026:14276 https://access.redhat.com/errata/RHSA-2026:14276 This issue has been addressed in the following products: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14 Via RHSA-2026:17668 https://access.redhat.com/errata/RHSA-2026:17668 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.1 Via RHSA-2026:18059 https://access.redhat.com/errata/RHSA-2026:18059 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Via RHSA-2026:18055 https://access.redhat.com/errata/RHSA-2026:18055 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Via RHSA-2026:18054 https://access.redhat.com/errata/RHSA-2026:18054 |