mirror of
https://github.com/rustsec/advisory-db.git
synced 2025-12-27 01:54:07 -05:00
[advisory]
id = "RUSTSEC-2025-0136"
package = "sequoia-openpgp"
date = "2025-11-07"
url = "https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26"
categories = ["denial-of-service"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
aliases = ["CVE-2025-67897", "GHSA-v6x3-9r38-r27q"]
[affected.functions]
"sequoia_openpgp::crypto::ecdh::aes_key_unwrap" = ["<2.1.0"]
[versions]
patched = [">=2.1.0"]
Underflow in aes_key_unwrap function

The aes_key_unwrap function would panic if passed a ciphertext
that was too short. In a debug build, it would panic due to a
subtraction underflow. In a release build, it would use the
small negative quantity to allocate a vector. Since the
allocator expects an unsigned quantity, the negative value would
be interpreted as a huge allocation. The allocator would then
fail to allocate the memory and panic.

An attacker could trigger this panic by sending a victim an encrypted message whose PKESK or SKESK packet has been specially modified. When the victim decrypts the message, the program would crash.
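
The length arithmetic behind this class of bug, and a checked form of it, as an added example (not sequoia-openpgp's code). The names `release_build_len`, `plaintext_len`, `can_allocate` and `UnwrapError` are hypothetical, and the minimum-length rule is taken from RFC 3394 as an assumption about what a valid wrapped key looks like.

```rust
// Added illustration; not sequoia-openpgp's code. All names are hypothetical.

/// Size in bytes of one RFC 3394 key-wrap block (and of the integrity value).
const BLOCK: usize = 8;

#[derive(Debug, PartialEq)]
pub enum UnwrapError {
    TooShort,
    NotBlockAligned,
}

/// What an unchecked `ciphertext.len() - BLOCK` yields in a release build,
/// where overflow checks are off by default and usize arithmetic wraps.
/// (In a debug build the plain `-` panics instead.)
pub fn release_build_len(ciphertext: &[u8]) -> usize {
    ciphertext.len().wrapping_sub(BLOCK)
}

/// Checked length computation: reject malformed input before any arithmetic
/// result is used as an allocation size.
pub fn plaintext_len(ciphertext: &[u8]) -> Result<usize, UnwrapError> {
    // RFC 3394 wraps at least two 64-bit blocks and adds one integrity block,
    // so a valid ciphertext is at least 24 bytes (assumption stated above).
    if ciphertext.len() < 3 * BLOCK {
        return Err(UnwrapError::TooShort);
    }
    if ciphertext.len() % BLOCK != 0 {
        return Err(UnwrapError::NotBlockAligned);
    }
    ciphertext.len().checked_sub(BLOCK).ok_or(UnwrapError::TooShort)
}

/// True if a buffer of `len` bytes can be reserved; uses the fallible
/// reservation API so an impossible size returns an error, not a panic.
pub fn can_allocate(len: usize) -> bool {
    let mut buf: Vec<u8> = Vec::new();
    buf.try_reserve_exact(len).is_ok()
}

fn main() {
    let short = [0u8; 4]; // constructed sample: truncated wrapped key
    let bogus = release_build_len(&short);
    println!("unchecked length: {}", bogus);
    println!("allocatable: {}", can_allocate(bogus));
    println!("checked: {:?}", plaintext_len(&short));
    println!("valid 24-byte input: {:?}", plaintext_len(&[0u8; 24]));
}
```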