oss-sec mailing list archives

CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences


From: Wolfgang Frisch <wolfgang.frisch () suse com>
Date: Thu, 3 Sep 2020 19:55:29 +0200

CVE-2020-25125 was assigned to the following issue in GnuPG:

Importing an OpenPGP key having a preference list for AEAD algorithms
will lead to an array overflow and thus often to a crash or other
undefined behaviour.

These versions are affected:

 - GnuPG 2.2.21   (released 2020-07-09)
 - GnuPG 2.2.22   (released 2020-08-27)
 - Gpg4win 3.1.12 (released 2020-07-24)

https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html

-- 
Wolfgang Frisch <wolfgang.frisch () suse com>
Security Engineer
OpenPGP fingerprint: A2E6 B7D4 53E9 544F BC13  D26B D9B3 56BD 4D4A 2D15
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nuremberg, Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer
