HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2020-25125

CVSS 7.8v3.1pub. 2020-09-03upd. 2024-11-21

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Gnupg

    APP
    Gnupg
    2.2.212.2.22
  • Gpg4win

    APP
    Gpg4Win
    3.1.12
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-3515CRITICAL9.8ten sam produkt

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnera...

CVE-2026-24882HIGH8.4ten sam produkt

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT co...

CVE-2026-24881HIGH8.1ten sam produkt

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key...

CVE-2025-68973HIGH7.8ten sam produkt

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intend...

CVE-2019-14855HIGH7.5ten sam produkt

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorit...

CVE-2020-25125 β€” Gnupg β€” HIGH β€” CVSS 7.8 | CVEbaza.pl