From 48d1c63700ba01ed47ab51bf9c27e68efb7cefc6 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Fri, 19 Dec 2025 10:19:46 -0500 Subject: [PATCH] GHSA SYNC: 1 brand new advisory --- gems/aws-sdk-s3/CVE-2025-14762.yml | 79 ++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 gems/aws-sdk-s3/CVE-2025-14762.yml diff --git a/gems/aws-sdk-s3/CVE-2025-14762.yml b/gems/aws-sdk-s3/CVE-2025-14762.yml new file mode 100644 index 0000000000..8c3914dbd7 --- /dev/null +++ b/gems/aws-sdk-s3/CVE-2025-14762.yml 
@@ -0,0 +1,79 @@ +--- +gem: aws-sdk-s3 +cve: 2025-14762 +ghsa: 2xgq-q749-89fq +url: https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq +title: AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue +date: 2025-12-18 +description: | + ## Summary + + S3 Encryption Client for Ruby is an open-source client-side encryption + library used to facilitate writing and reading encrypted records to S3. + + When the encrypted data key (EDK) is stored in an "Instruction File" + instead of S3's metadata record, the EDK is exposed to an "Invisible + Salamanders" attack (https://eprint.iacr.org/2019/016), which could + allow the EDK to be replaced with a new key. + + ## Impact + + ### Background - Key Commitment + + There is a cryptographic property whereby under certain conditions, + a single ciphertext can be decrypted into 2 different plaintexts by + using different encryption keys. To address this issue, strong + encryption schemes use what is known as "key commitment", a process + by which an encrypted message can only be decrypted by one key; + the key used to originally encrypt the message. + + In older versions of S3EC, when customers are also using a feature + called "Instruction File" to store EDKs, key commitment is not + implemented because multiple EDKs could be associated to an underlying + encrypted message object. For such customers an attack that leverages + the lack of key commitment is possible. A bad actor would need two + things to leverage this issue: + (i) the ability to create a separate, rogue, EDK that will also + decrypt the underlying object to produce desired plaintext, and + (ii) permission to upload a new instruction file to the S3 bucket + to replace the existing instruction file placed there by the + user using the S3C. Any future attempt to decrypt the + underlying encrypted message with the S3EC will unwittingly + use the rogue EDK to produce a valid plaintext message. 
+ + ### Impacted versions: <= 1.207.0 + + ## Patches + + We are introducing the concept of "key commitment\" to S3EC where the + EDK is cryptographically bound to the ciphertext in order to address + this issue. In order to maintain compatibility for in-flight messages + we are releasing the fix in two versions. A code-compatible minor + version that can read messages with key-commitment but not write them, + and a new major version that can both read and write messages with + key-commitment. For maximum safety customers are asked to upgrade to + the latest major version: 1.208.0 or later. + + ### Workarounds + + There are no workarounds, please upgrade to the suggested version of S3EC. + + ### References + + If customers have any questions or comments about this advisory, + AWS SDK for Ruby asks that they contact AWS Security via the issue + reporting page or directly via email to + [aws-security@amazon.com](mailto:aws-security@amazon.com). + Please do not create a public GitHub issue. +cvss_v3: 5.3 +cvss_v4: 6.0 +patched_versions: + - ">= 1.208.0" +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2025-14762 + - https://rubygems.org/gems/aws-sdk-s3/versions/1.208.0 + - https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq + - https://github.com/aws/aws-sdk-ruby/commit/b633ba10cd2fbc4cc770b76ab531ed9647654044 + - https://aws.amazon.com/security/security-bulletins/AWS-2025-032 + - https://github.com/advisories/GHSA-2xgq-q749-89fq
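Review bot: The fix versions in the Patches section of the description do not line up with `patched_versions`. The text describes two releases (a code-compatible minor version that can read key-committed messages but not write them, and a new major version that can do both) and then names "the latest major version: 1.208.0 or later". But 1.208.0 is only one minor step above the impacted `<= 1.207.0`, and `patched_versions` carries the single entry `">= 1.208.0"`. Please confirm against the upstream GHSA which of the two releases 1.208.0 is, and whether a second version needs to appear in `patched_versions`. By the text's own wording, a release that cannot write key-committed messages leaves new objects without the commitment. There are also two smaller defects in the same block scalar. `"key commitment\"` has a stray backslash that a `|` literal scalar keeps verbatim, so it will show up in rendered advisories. "the user using the S3C" looks like a typo for S3EC. If the description is meant to mirror upstream word for word, the backslash still looks like an escaping artifact of the sync and is worth fixing at the source of the sync rather than by hand here.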