CVE-2025-14813

DOCUMENTATION: A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCipher, potentially leading to the recovery and access of encrypted data. 

            STATEMENT: To exploit this flaw, an attacker needs to capture ciphertext encrypted by the GOSTCTR implementation where the G3413CTRBlockCipher processed more than 255 blocks of data, resulting in keystream reuse. An attack typically requires capturing these overlapping ciphertexts to perform cryptanalysis and uncover the underlying data.

The primary impact of this vulnerability is the potential loss of confidentiality for data encrypted by the GOSTCTR implementation. This can compromise encrypted communications or sensitive stored data by allowing an attacker to fully recover the plaintext.

            MITIGATION: To mitigate this vulnerability, strictly limit the payload encrypted under a single key and Initialization Vector (IV) pair using the GOSTCTR implementation and G3413CTRBlockCipher to a maximum of 255 blocks. Alternatively, transition to a more secure, standardized and authenticated encryption mode.