CVE-2020-25125

Name
CVE-2020-25125
Description
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://bugzilla.opensuse.org/show_bug.cgi?id=1176034
Vendor Advisory https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
Mailing List https://dev.gnupg.org/T5050
Patch https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc
Mailing List http://www.openwall.com/lists/oss-security/2020/09/03/5
Mailing List http://www.openwall.com/lists/oss-security/2020/09/03/4

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnupg:gnupg:2.2.21:*:*:*:*:*:*:* gnupg == None == 2.2.21
cpe:2.3:a:gnupg:gnupg:2.2.22:*:*:*:*:*:*:* gnupg == None == 2.2.22
cpe:2.3:a:gpg4win:gpg4win:3.1.12:*:*:*:*:*:*:* gpg4win == None == 3.1.12

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gnupg edge-main 2.2.23-r0 None fixed
gnupg edge-main 2.2.13-r0 None fixed
gnupg 3.22-main 2.2.23-r0 None fixed
gnupg 3.21-main 2.2.23-r0 None fixed
gnupg 3.20-main 2.2.23-r0 None fixed
gnupg 3.19-main 2.2.23-r0 None fixed
gnupg 3.18-main 2.2.23-r0 None fixed
gnupg 3.17-main 2.2.23-r0 None fixed
gnupg 3.12-main 2.2.23-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnupg 3.12-main 2.2.13-r0 None fixed