CVE-2025-68973

High CVSS: 7.8

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

Vendor

Gnupg

Product

Gnupg

CWE

CWE-675

Yayın Tarihi

2025-12-28 17:16:01

Güncelleme

2026-01-14 19:16:46

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-675 Gnupg HIGH Gnupg 2025

Referanslar

https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306 https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51 https://gpg.fail/memcpy https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i https://news.ycombinator.com/item?id=46403200 https://www.openwall.com/lists/oss-security/2025/12/28/5 http://www.openwall.com/lists/oss-security/2025/12/29/11 https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html https://gpg.fail/memcpy

Benzer Kayıtlar

High

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause…

High

CVE-2026-24882

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for…

Low

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to…

Medium

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified…

Low

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid bac…