Medium Published: Dec 14, 2025

CVE-2025-67897

5.3 CVSS Score Medium

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Export:

Link copied!

Description

In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.

CVSS Vector Details

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Weaknesses (CWE)

CWE-195

References & External Links

https://bugs.debian.org/1122582
https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26
https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker