oss-sec mailing list archives
CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences
From: Wolfgang Frisch <wolfgang.frisch () suse com>
Date: Thu, 3 Sep 2020 19:55:29 +0200
CVE-2020-25125 was assigned to the following issue in GnuPG:
Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour.
These versions are affected: - GnuPG 2.2.21 (released 2020-07-09) - GnuPG 2.2.22 (released 2020-08-27) - Gpg4win 3.1.12 (released 2020-07-24)
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html -- Wolfgang Frisch <wolfgang.frisch () suse com> Security Engineer OpenPGP fingerprint: A2E6 B7D4 53E9 544F BC13 D26B D9B3 56BD 4D4A 2D15 SUSE Software Solutions Germany GmbH Maxfeldstr. 5, 90409 Nuremberg, Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences Wolfgang Frisch (Sep 03)