CVE-2025-14813
Broken Cryptographic Algorithm in BC-JAVA GOSTCTR Causes Data Integrity Risk
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: bcorg
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| legion_of_the_bouncy_castle_inc | bc-java | From 1.59 (inc) to 1.84 (exc) |
| legion_of_the_bouncy_castle_inc | bc-java | to 1.84 (exc) |
| legion_of_the_bouncy_castle_inc | bc-java | 1.84 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in CVE-2025-14813 is a flaw in the GOST-R-3413-2015 CTR (Counter) mode implementation within the Bouncy Castle Java cryptographic library, specifically in the G3413CTRBlockCipher class. The issue arises because the counter used in the CTR mode was implemented as a single byte, which limits the number of blocks that can be processed to 255. This is below the required specification, which demands a counter capable of supporting n/2 bits, where n is the cipher's block size. As a result, the implementation cannot correctly process more than 255 blocks, leading to potential cryptographic errors.
The problem was fixed in version BC 1.84 by refactoring the counter increment logic to properly handle multi-byte counters with carry propagation, preventing counter overflow and ensuring correct processing of a larger number of blocks.
How can this vulnerability impact me? :
This vulnerability can impact you by causing incorrect encryption or decryption when processing more than 255 blocks of data using the affected GOST CTR mode implementation. Because the counter overflows prematurely, it can lead to reuse of counter values, which compromises the security guarantees of the CTR mode.
Such counter reuse can result in ciphertext repetition, weakening the cryptographic strength and potentially allowing attackers to recover plaintext or infer sensitive information.
In practical terms, this means that applications relying on this cryptographic implementation for secure data protection may be vulnerable to cryptanalysis or data leakage if they encrypt large amounts of data without updating to the fixed version.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is related to the cryptographic implementation of the GOST 34.13 CTR mode in the Bouncy Castle Java library, specifically the G3413CTRBlockCipher class. Detection involves verifying the version of the BC-JAVA library in use and checking if it is between versions 1.59 and before 1.84, which are affected.
To detect the vulnerability on your system, you can check the version of the Bouncy Castle Java library used by your applications. For example, if you have access to the Java environment or application dependencies, you can run commands to list installed packages or inspect the JAR files.
- Use a command like `mvn dependency:list | grep bcprov` if using Maven to check the Bouncy Castle provider version.
- If you have the JAR file, use `jar tf bcprov.jar | grep META-INF/MANIFEST.MF` and then extract the version info from the manifest.
- In a running Java application, you can programmatically check the version by querying the package implementation version, e.g., `Package.getPackage("org.bouncycastle.jce.provider").getImplementationVersion()`.
Additionally, to detect misuse or exploitation attempts related to this vulnerability, monitoring cryptographic operations that use GOST CTR mode and checking for errors or exceptions related to counter overflow (such as "attempt to process too many blocks") in application logs could be helpful.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the Bouncy Castle Java library to version 1.84 or later, where the vulnerability has been fixed by correcting the counter increment logic in the G3413CTRBlockCipher implementation.
If upgrading immediately is not possible, avoid processing more than 255 blocks with the GOST CTR mode cipher to prevent incorrect encryption or decryption results.
Review and apply any patches or fixes provided by Bouncy Castle for this vulnerability, which include improved counter increment logic and proper handling of the initialization vector (IV).
Monitor application logs for exceptions such as "attempt to process too many blocks" which indicate counter overflow and may signal attempts to exploit the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves the use of a broken or risky cryptographic algorithm in the Bouncy Castle Java library's GOST CTR mode implementation, which incorrectly limits the counter to 255 blocks. This limitation can lead to cryptographic weaknesses such as counter reuse or output repetition, potentially compromising data confidentiality and integrity.
Since standards and regulations like GDPR and HIPAA require strong cryptographic protections to safeguard sensitive data, the presence of this vulnerability could result in non-compliance due to weakened encryption mechanisms that fail to meet these security requirements.
Therefore, systems using affected versions of BC-JAVA (1.59 to before 1.84) with this vulnerable implementation may not fully comply with such regulations until they apply the fixes that correct the counter increment logic and extend the counter capacity as per the algorithm specification.