{ "threat_severity" : "Important", "public_date" : "2025-12-28T16:19:11Z", "bugzilla" : { "description" : "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write", "id" : "2425966", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425966" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-675", "details" : [ "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution." ], "statement" : "This vulnerability is rated Important for Red Hat products. The flaw in GnuPG's `armor_filter` function allows an attacker with local access to provide crafted input, potentially leading to information disclosure and arbitrary code execution due to an out-of-bounds write. Exploitation requires high attack complexity.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-01-15T00:00:00Z", "advisory" : "RHSA-2026:0697", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "gnupg2-0:2.4.5-3.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1629", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "gnupg2-0:2.4.5-2.el10_0.1" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1677", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "gnupg2-0:2.0.22-5.el7_9.1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-01-15T00:00:00Z", "advisory" : "RHSA-2026:0728", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnupg2-0:2.2.20-4.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1468", "cpe" : "cpe:/o:redhat:rhel_aus:8.2", "package" : "gnupg2-0:2.2.9-1.el8_2.1" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:1014", "cpe" : "cpe:/o:redhat:rhel_aus:8.4", "package" : "gnupg2-0:2.2.20-2.el8_4.1" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:1014", "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4", "package" : "gnupg2-0:2.2.20-2.el8_4.1" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0974", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "gnupg2-0:2.2.20-3.el8_6.1" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0974", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "gnupg2-0:2.2.20-3.el8_6.1" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0974", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "gnupg2-0:2.2.20-3.el8_6.1" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-01-21T00:00:00Z", "advisory" : "RHSA-2026:0935", "cpe" : "cpe:/o:redhat:rhel_tus:8.8", "package" : "gnupg2-0:2.2.20-3.el8_8.1" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-01-21T00:00:00Z", "advisory" : "RHSA-2026:0935", "cpe" : "cpe:/o:redhat:rhel_e4s:8.8", "package" : "gnupg2-0:2.2.20-3.el8_8.1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-15T00:00:00Z", "advisory" : "RHSA-2026:0719", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "gnupg2-0:2.3.3-5.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-15T00:00:00Z", "advisory" : "RHSA-2026:0719", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "gnupg2-0:2.3.3-5.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1719", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "gnupg2-0:2.3.3-2.el9_0.1" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1705", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "gnupg2-0:2.3.3-2.el9_2.1" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1230", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "gnupg2-0:2.3.3-4.el9_4.1" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1229", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "gnupg2-0:2.3.3-4.el9_6.1" }, { "product_name" : "Compliance Operator 1", "release_date" : "2026-02-03T00:00:00Z", "advisory" : "RHSA-2026:1859", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1::el9", "package" : "compliance/openshift-compliance-content-rhel8:sha256:1f64fb6c815987f02e1f9145bdf0b92fde122a5592cb9c6e3e734c7fbfe0423f" }, { "product_name" : "Compliance Operator 1", "release_date" : "2026-02-03T00:00:00Z", "advisory" : "RHSA-2026:1859", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1::el9", "package" : "compliance/openshift-compliance-must-gather-rhel8:sha256:616471362a3255231b1b2f5434aa1fdde078570543b1ccee23a74272cff3f2b5" }, { "product_name" : "Compliance Operator 1", "release_date" : "2026-02-03T00:00:00Z", "advisory" : "RHSA-2026:1859", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1::el9", "package" : "compliance/openshift-compliance-openscap-rhel8:sha256:050b381149997b5fbad2e60ff312e1559ee7c2efc67c822cc3e26a9c77c58749" }, { "product_name" : "Compliance Operator 1", "release_date" : "2026-02-03T00:00:00Z", "advisory" : "RHSA-2026:1859", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1::el9", "package" : "compliance/openshift-compliance-rhel8-operator:sha256:1ff94f69f055ccd48fe6c1c90c70302567a30dc9fdb548c8021bc041188673fd" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-central-db-rhel8:sha256:189126988989d9ea557c1356386ee5a7443d5cb01717e0d974f0603a2b659130" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-collector-rhel8:sha256:5271f61b08c3c593db3285d7d68014792440944ee38c2fff1839f2d401cc27ad" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:sha256:074255ff15e39c96ccb0dac16df03a8f3066afa4f2f6d81588e11d0cff5f7dd6" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:sha256:678b96caceeb30a64c2f43395ab291e3035fa122d46eb9d2289e77bfc6b4c3b2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:sha256:9386cdac44378229ee4bbae348924e496738eadbb30a5a338886280a5361c91a" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:sha256:14f23c5a1b81122d6c019ee470617da0e4597b9aac42c008797c0be8a0c14b45" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:sha256:1a3802e374386dd277f1e806a0cc7cdd9327dd57900df2e8af373acb0501a862" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:sha256:1c5cb619fc844a48f79d2996d8c2239bab7077845d404184515d4e7df7afdc6e" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-central-db-rhel8:sha256:0b85460655f6f540e6278f5bd08e6c52ea3a3e4acb54a79d524247227f5e9d7c" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-collector-rhel8:sha256:0115106585032e52bedca4443f008c755c3fbc5e4fdf4f4be974cb6be9345b86" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:sha256:1dceed562203416b6d853e66402a2ec69370a53cc119953aeb442288ecebfa4f" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:sha256:0f27626c8a671458174b6a3dc08268ec13f1b1ce297ca26b085a5799971470d6" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:sha256:34d1530a0759075f9a6d7cb31d45efac05575e0db2ea43adc3379f24b1524060" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:sha256:249ae5abf72f255ec0b9152df39a5b2bd270df420bb585ca390e5c7dbdc4b5af" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:sha256:6772a5c3a85b279176346e893e3ed08498861ee31495c32236dab20a95392871" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:sha256:461fee74ff86feaf21bda5d170975b185758cb891307e8e5e5930985a2191307" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-central-db-rhel8:sha256:883829bc4863879bfa6f1a73b18a7dca659a699664a3851f24e2b08cc15cf0e0" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-collector-rhel8:sha256:6ddaad689e2065044d8c13fed306f0d6051199b19689b12c4d60c785243cb3ee" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:sha256:2d7d654755857e5a164827f2bbc022d1c23f7229b4164faa5c61e852c1706800" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:sha256:52db816d2bddde50796a4a5ceb22a9a54fc72bd3b2c1564e7515d0cda2f6c0c1" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:sha256:05ddda7a4ba49a18e5498d9ff8c3565f7a4abc96c985feec10887bb0c1b8aec3" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:sha256:5f83884b0a2b48f34e14b949f43e68ad4b99cb8d228bec74b5126b89cc007808" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:sha256:4a35cd2f60df70215a8344cbb2ba17c36856a0e59dbf0b4e26c63834968c791c" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:sha256:0f5f88357d4d95c1ffa397cbc346bf9f5dc2db8f4e5579abad88c0ad2963d162" }, { "product_name" : "Red Hat Ceph Storage 7", "release_date" : "2026-02-03T00:00:00Z", "advisory" : "RHSA-2026:1858", "cpe" : "cpe:/a:redhat:ceph_storage:7::el9", "package" : "rhceph/rhceph-7-rhel9:sha256:72a6d9deb9325e43639230b2681640b15bab946025810258796f95315febb7f4" }, { "product_name" : "Red Hat Ceph Storage 8", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1652", "cpe" : "cpe:/a:redhat:ceph_storage:8::el9", "package" : "rhceph/rhceph-8-rhel9:sha256:09aaeba975aa74bdf95d63e5619c0cabb1cd9e1410aa34e7f8ecf24a5e291d1a" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1736", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-server-rhel9:sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1736", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-ui-rhel9:sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6" }, { "product_name" : "Red Hat Insights proxy 1.5", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2485", "cpe" : "cpe:/a:redhat:insights_proxy:1.5::el9", "package" : "insights-proxy/insights-proxy-container-rhel9:sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2563", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/cds-rhel9:sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2563", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/haproxy-rhel9:sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2563", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/installer-rhel9:sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2563", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/rhua-rhel9:sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "gnupg2", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-68973\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68973\nhttps://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306\nhttps://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9\nhttps://gpg.fail/memcpy\nhttps://news.ycombinator.com/item?id=46403200\nhttps://www.openwall.com/lists/oss-security/2025/12/28/5" ], "name" : "CVE-2025-68973", "mitigation" : { "value" : "To mitigate this issue, users should avoid processing untrusted or unverified input with GnuPG. Exercise caution when handling GnuPG-encrypted or signed data from unknown or suspicious sources, as specially crafted input could trigger the vulnerability. This operational control reduces the attack surface by limiting exposure to malicious data.", "lang" : "en:us" }, "csaw" : false }