Updated advisory posts against rubysec/ruby-advisory-db@4b5ad6b

Author: jasnow

advisories/_posts/2025-12-18-CVE-2025-14762.md

@@ -0,0 +1,87 @@
+---
+layout: advisory
+title: 'CVE-2025-14762 (aws-sdk-s3): AWS SDK for Ruby''s S3 Encryption Client has
+  a Key Commitment Issue'
+comments: false
+categories:
+- aws-sdk-s3
+advisory:
+  gem: aws-sdk-s3
+  cve: 2025-14762
+  ghsa: 2xgq-q749-89fq
+  url: https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq
+  title: AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue
+  date: 2025-12-18
+  description: |
+    ## Summary
+
+    S3 Encryption Client for Ruby is an open-source client-side encryption
+    library used to facilitate writing and reading encrypted records to S3.
+
+    When the encrypted data key (EDK) is stored in an "Instruction File"
+    instead of S3's metadata record, the EDK is exposed to an "Invisible
+    Salamanders" attack (https://eprint.iacr.org/2019/016), which could
+    allow the EDK to be replaced with a new key.
+
+    ## Impact
+
+    ### Background - Key Commitment
+
+    There is a cryptographic property whereby under certain conditions,
+    a single ciphertext can be decrypted into 2 different plaintexts by
+    using different encryption keys. To address this issue, strong
+    encryption schemes use what is known as "key commitment", a process
+    by which an encrypted message can only be decrypted by one key;
+    the key used to originally encrypt the message.
+
+    In older versions of S3EC, when customers are also using a feature
+    called "Instruction File" to store EDKs, key commitment is not
+    implemented because multiple EDKs could be associated to an underlying
+    encrypted message object.  For such customers an attack that leverages
+    the lack of key commitment is possible.  A bad actor would need two
+    things to leverage this issue:
+      (i) the ability to create a separate, rogue, EDK that will also
+           decrypt the underlying object to produce desired plaintext, and
+      (ii) permission to upload a new instruction file to the S3 bucket
+           to replace the existing instruction file placed there by the
+           user using the S3C.  Any future attempt to decrypt the
+           underlying encrypted message with the S3EC will unwittingly
+           use the rogue EDK to produce a valid plaintext message.
+
+    ### Impacted versions: <= 1.207.0
+
+    ## Patches
+
+    We are introducing the concept of "key commitment\" to S3EC where the
+    EDK is cryptographically bound to the ciphertext in order to address
+    this issue.  In order to maintain compatibility for in-flight messages
+    we are releasing the fix in two versions. A code-compatible minor
+    version that can read messages with key-commitment but not write them,
+    and a new major version that can both read and write messages with
+    key-commitment. For maximum safety customers are asked to upgrade to
+    the latest major version: 1.208.0 or later.
+
+    ### Workarounds
+
+    There are no workarounds, please upgrade to the suggested version of S3EC.
+
+    ### References
+
+    If customers have any questions or comments about this advisory,
+    AWS SDK for Ruby asks that they contact AWS Security via the issue
+    reporting page or directly via email  to
+    [[email protected]](mailto:[email protected]).
+    Please do not create a public GitHub issue.
+  cvss_v3: 5.3
+  cvss_v4: 6.0
+  patched_versions:
+  - ">= 1.208.0"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-14762
+    - https://rubygems.org/gems/aws-sdk-s3/versions/1.208.0
+    - https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq
+    - https://github.com/aws/aws-sdk-ruby/commit/b633ba10cd2fbc4cc770b76ab531ed9647654044
+    - https://aws.amazon.com/security/security-bulletins/AWS-2025-032
+    - https://github.com/advisories/GHSA-2xgq-q749-89fq
+---