20 matches found
bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...
bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...
CVE-2026-44498
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...
CVE-2026-44498
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...
CVE-2026-44498
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...
CVE-2026-44498 ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block...
PT-2026-38619
Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAX BLOCK SIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while...
bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...
bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...
EUVD-2025-209467
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affec...
SUSE CVE-2025-14813
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...
CVE-2025-14813
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...
CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...
CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...
CVE-2025-14813
CVE-2025-14813 affects BC-JAVA (bcprov) releases prior to 1.84, where the GOSTCTR mode cannot process more than 255 blocks. This vulnerability impacts all core modules using GOSTCTR in bcprov, with a critical impact on confidentiality, integrity, and availability (per CVSS 4.0: AV:L, AC:L, PR:N, ...
libcrux-sha3: Incorrect output from SHAKE squeeze functions
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
OESA-2025-2649 golang security update
. Security Fixes: tar.Reader in the Go archive/tar component did not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions could cause a Reader to read an unbounded amount of data fr...
Adversary can cause malicious slashing of operators by creating malicous token and setting gas limit above chain block gas limit
Lines of code Vulnerability details Impact Operators maliciously slashed Proof of Concept A user can create a malicious token that when called by anyone other than themselves and the bridge use an extreme amount of gas. They create a bridge request with a gas limit higher than the block limit. If...
node-opcua 资源管理错误漏洞
node-opcua is a French Sterfive SAS open source implementation of an OPC UA stack written entirely in Typescript for NodeJS. A security vulnerability exists in versions of node-opcua prior to 2.74.0, which stems from the lack of a limit on the number of received blocks total number per session or...
Unbounded iteration in NFTXEligiblityManager.distribute over _feeReceivers
Handle @cmichelio Vulnerability details Vulnerability Details NFTXEligiblityManager.distribute iterates over all feeReceivers. Impact If the number of feeReceivers gets too big, the transaction's gas cost could exceed the block gas limit and make it impossible to call distribute at all. Recommend...