Unrated severity · NVD Advisory · Published Sep 3, 2020 · Updated Aug 4, 2024
CVE-2020-25125
Description
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) have an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
Affected products (30)
- GnuPG/GnuPG (description)
- osv-coords, 27 versions, range: < 0 (+ 26 more)
  - pkg:apk/chainguard/gnupg
  - pkg:apk/chainguard/gnupg-dirmngr
  - pkg:apk/chainguard/gnupg-doc
  - pkg:apk/chainguard/gnupg-gpgconf
  - pkg:apk/chainguard/gnupg-lang
  - pkg:apk/chainguard/gnupg-scdaemon
  - pkg:apk/chainguard/gnupg-utils
  - pkg:apk/chainguard/gnupg-wks-client
  - pkg:apk/chainguard/gpg
  - pkg:apk/chainguard/gpg-agent
  - pkg:apk/chainguard/gpgsm
  - pkg:apk/chainguard/gpgv
  - pkg:apk/chainguard/gpg-wks-server
  - pkg:apk/wolfi/gnupg
  - pkg:apk/wolfi/gnupg-dirmngr
  - pkg:apk/wolfi/gnupg-doc
  - pkg:apk/wolfi/gnupg-gpgconf
  - pkg:apk/wolfi/gnupg-lang
  - pkg:apk/wolfi/gnupg-scdaemon
  - pkg:apk/wolfi/gnupg-utils
  - pkg:apk/wolfi/gnupg-wks-client
  - pkg:apk/wolfi/gpg
  - pkg:apk/wolfi/gpg-agent
  - pkg:apk/wolfi/gpgsm
  - pkg:apk/wolfi/gpgv
  - pkg:apk/wolfi/gpg-wks-server
  - pkg:rpm/opensuse/gpg2&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 0 (26 entries)
- (no CPE) range: < 2.2.27-2.4
References (6)
- www.openwall.com/lists/oss-security/2020/09/03/4 (mitre, mailing-list, x_refsource_MLIST)
- www.openwall.com/lists/oss-security/2020/09/03/5 (mitre, mailing-list, x_refsource_MLIST)
- bugzilla.opensuse.org/show_bug.cgi (mitre, x_refsource_MISC)
- dev.gnupg.org/T5050 (mitre, x_refsource_MISC)
- dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc (mitre, x_refsource_MISC)
- lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html (mitre, x_refsource_MISC)