GHSA SYNC: 1 brand new advisory

jasnow · postmodern · commit 4b5ad6bf5014 · 2025-12-19T09:35:29.000-08:00
diff --git a/gems/aws-sdk-s3/CVE-2025-14762.yml b/gems/aws-sdk-s3/CVE-2025-14762.yml
@@ -0,0 +1,79 @@
+---
+gem: aws-sdk-s3
+cve: 2025-14762
+ghsa: 2xgq-q749-89fq
+url: https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq
+title: AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue
+date: 2025-12-18
+description: |
+  ## Summary
+
+  S3 Encryption Client for Ruby is an open-source client-side encryption
+  library used to facilitate writing and reading encrypted records to S3.
+
+  When the encrypted data key (EDK) is stored in an "Instruction File"
+  instead of S3's metadata record, the EDK is exposed to an "Invisible
+  Salamanders" attack (https://eprint.iacr.org/2019/016), which could
+  allow the EDK to be replaced with a new key.
+
+  ## Impact
+
+  ### Background - Key Commitment
+
+  There is a cryptographic property whereby under certain conditions,
+  a single ciphertext can be decrypted into 2 different plaintexts by
+  using different encryption keys. To address this issue, strong
+  encryption schemes use what is known as "key commitment", a process
+  by which an encrypted message can only be decrypted by one key;
+  the key used to originally encrypt the message.
+
+  In older versions of S3EC, when customers are also using a feature
+  called "Instruction File" to store EDKs, key commitment is not
+  implemented because multiple EDKs could be associated to an underlying
+  encrypted message object.  For such customers an attack that leverages
+  the lack of key commitment is possible.  A bad actor would need two
+  things to leverage this issue:
+    (i) the ability to create a separate, rogue, EDK that will also
+         decrypt the underlying object to produce desired plaintext, and
+    (ii) permission to upload a new instruction file to the S3 bucket
+         to replace the existing instruction file placed there by the
+         user using the S3C.  Any future attempt to decrypt the
+         underlying encrypted message with the S3EC will unwittingly
+         use the rogue EDK to produce a valid plaintext message.
+
+  ### Impacted versions: <= 1.207.0
+
+  ## Patches
+
+  We are introducing the concept of "key commitment\" to S3EC where the
+  EDK is cryptographically bound to the ciphertext in order to address
+  this issue.  In order to maintain compatibility for in-flight messages
+  we are releasing the fix in two versions. A code-compatible minor
+  version that can read messages with key-commitment but not write them,
+  and a new major version that can both read and write messages with
+  key-commitment. For maximum safety customers are asked to upgrade to
+  the latest major version: 1.208.0 or later.
+
+  ### Workarounds
+
+  There are no workarounds, please upgrade to the suggested version of S3EC.
+
+  ### References
+
+  If customers have any questions or comments about this advisory,
+  AWS SDK for Ruby asks that they contact AWS Security via the issue
+  reporting page or directly via email  to
+  [aws-security@amazon.com](mailto:aws-security@amazon.com).
+  Please do not create a public GitHub issue.
+cvss_v3: 5.3
+cvss_v4: 6.0
+patched_versions:
+  - ">= 1.208.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-14762
+    - https://rubygems.org/gems/aws-sdk-s3/versions/1.208.0
+    - https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq
+    - https://github.com/aws/aws-sdk-ruby/commit/b633ba10cd2fbc4cc770b76ab531ed9647654044
+    - https://aws.amazon.com/security/security-bulletins/AWS-2025-032
+    - https://github.com/advisories/GHSA-2xgq-q749-89fq
