CVE-2025-68973

HIGH EPSS 2.9%
Published Dec 28, 2025 (6mo ago) · Modified Jun 17, 2026 (2w ago)
7.0 CVSS 3.1
High

Description

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

CVSS Details

Base Score 7.0
Exploitability 1.0
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-675
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

Vendor | Product | Version | Range
gnupg | gnupg | * | ≤2.4.8

References 9

  • openwall.com http://www.openwall.com/lists/oss-security/2025/12/29/11
    Mailing List, Patch
  • github.com https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306
    Product
  • github.com https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
    Patch
  • github.com https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51
    Patch
  • gpg.fail https://gpg.fail/memcpy
    Broken Link
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html
  • media.ccc.de https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
    Issue Tracking
  • news.ycombinator.com https://news.ycombinator.com/item?id=46403200
    Issue Tracking
  • openwall.com https://www.openwall.com/lists/oss-security/2025/12/28/5
    Mailing List

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2025/12/29/11
    Mailing List, Patch
  • github.com https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
    Patch
  • github.com https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51
    Patch