CVE-2025-68973
HIGH EPSS 2.9%
Published Dec 28, 2025 (6mo ago) · Modified Jun 17, 2026 (2w ago)
7.0 CVSS 3.1
Description
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-675
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| gnupg | gnupg | * | ≤2.4.8 |
References 9
- openwall.com http://www.openwall.com/lists/oss-security/2025/12/29/11
- github.com https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306
- github.com https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
- github.com https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51
- gpg.fail https://gpg.fail/memcpy
- lists.debian.org https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html
- media.ccc.de https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
- news.ycombinator.com https://news.ycombinator.com/item?id=46403200
- openwall.com https://www.openwall.com/lists/oss-security/2025/12/28/5
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2025/12/29/11
- github.com https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
- github.com https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51