Unrated severityNVD Advisory· Published Mar 19, 2025· Updated Mar 19, 2025
CVE-2025-30258
CVE-2025-30258
Description
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
38- osv-coords36 versionspkg:apk/chainguard/gnupgpkg:apk/chainguard/gnupg-dirmngrpkg:apk/chainguard/gnupg-docpkg:apk/chainguard/gnupg-gpgconfpkg:apk/chainguard/gnupg-langpkg:apk/chainguard/gnupg-scdaemonpkg:apk/chainguard/gnupg-utilspkg:apk/chainguard/gnupg-wks-clientpkg:apk/chainguard/gpgpkg:apk/chainguard/gpg-agentpkg:apk/chainguard/gpgsmpkg:apk/chainguard/gpgvpkg:apk/chainguard/gpg-wks-serverpkg:apk/wolfi/gnupgpkg:apk/wolfi/gnupg-dirmngrpkg:apk/wolfi/gnupg-docpkg:apk/wolfi/gnupg-gpgconfpkg:apk/wolfi/gnupg-langpkg:apk/wolfi/gnupg-scdaemonpkg:apk/wolfi/gnupg-utilspkg:apk/wolfi/gnupg-wks-clientpkg:apk/wolfi/gpgpkg:apk/wolfi/gpg-agentpkg:apk/wolfi/gpgsmpkg:apk/wolfi/gpgvpkg:apk/wolfi/gpg-wks-serverpkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/gpg2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Micro%206.1
< 2.4.8-r1+ 35 more
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.8-r1
- (no CPE)range: < 2.4.4-150600.3.9.1
- (no CPE)range: < 2.5.6-1.1
- (no CPE)range: < 2.2.27-150300.3.13.1
- (no CPE)range: < 2.2.27-150300.3.13.1
- (no CPE)range: < 2.2.27-150300.3.13.1
- (no CPE)range: < 2.2.27-150300.3.13.1
- (no CPE)range: < 2.4.4-150600.3.9.1
- (no CPE)range: < 2.4.4-150600.3.9.1
- (no CPE)range: < 2.4.4-2.1
- (no CPE)range: < 2.4.4-slfo.1.1_4.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.