CVE-2025-67897: Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
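The failure mode is a length computation of the form `ciphertext.len() / 8 - 1` running on attacker-controlled input: for a wrapped key shorter than one 64-bit block the subtraction underflows, which is a panic in a debug build and silently wrong arithmetic in a release build. The following is an added example, not Sequoia's code, showing the shape of a key-unwrap API that validates the ciphertext before any index arithmetic and returns an error instead of panicking. The RFC 3394 wrap/unwrap loop is real, but the `Block128` trait and `ToyCipher` are stand-ins for AES so the example runs without external crates; the error names and the helper functions are assumptions of this example.

```rust
use std::convert::TryInto;

/// Errors returned instead of panicking (names are this example's own).
#[derive(Debug, PartialEq, Eq)]
pub enum UnwrapError {
    /// Fewer than the 3 blocks (IV + n >= 2 key blocks) RFC 3394 requires.
    TooShort { len: usize },
    /// Length is not a multiple of the 64-bit block size.
    NotBlockAligned { len: usize },
    /// Recovered integrity value differs from 0xA6A6A6A6A6A6A6A6.
    IntegrityCheckFailed,
}

pub const RFC3394_IV: u64 = 0xA6A6_A6A6_A6A6_A6A6;

/// 128-bit block cipher interface; real code would back this with AES.
pub trait Block128 {
    fn encrypt(&self, block: [u8; 16]) -> [u8; 16];
    fn decrypt(&self, block: [u8; 16]) -> [u8; 16];
}

/// Deliberately insecure stand-in for AES (XOR key, rotate bytes) so the
/// key-wrap arithmetic can be exercised offline. Never use this for real data.
pub struct ToyCipher(pub [u8; 16]);
impl Block128 for ToyCipher {
    fn encrypt(&self, b: [u8; 16]) -> [u8; 16] {
        let mut x = b;
        for i in 0..16 { x[i] ^= self.0[i]; }
        x.rotate_left(3);
        x
    }
    fn decrypt(&self, b: [u8; 16]) -> [u8; 16] {
        let mut x = b;
        x.rotate_right(3);
        for i in 0..16 { x[i] ^= self.0[i]; }
        x
    }
}

/// Validate the ciphertext length and return n, the number of wrapped 64-bit
/// blocks. This is the check whose absence lets `len / 8 - 1` underflow.
pub fn wrapped_block_count(ciphertext: &[u8]) -> Result<usize, UnwrapError> {
    let len = ciphertext.len();
    if len % 8 != 0 { return Err(UnwrapError::NotBlockAligned { len }); }
    // checked_sub: (len / 8) - 1 underflows for len < 8; RFC 3394 needs n >= 2.
    match (len / 8).checked_sub(1) {
        Some(n) if n >= 2 => Ok(n),
        _ => Err(UnwrapError::TooShort { len }),
    }
}

fn be_blocks(bytes: &[u8]) -> Vec<u64> {
    bytes.chunks_exact(8).map(|c| u64::from_be_bytes(c.try_into().expect("8 bytes"))).collect()
}
fn join(hi: u64, lo: u64) -> [u8; 16] {
    let mut b = [0u8; 16];
    b[..8].copy_from_slice(&hi.to_be_bytes());
    b[8..].copy_from_slice(&lo.to_be_bytes());
    b
}
fn split(b: [u8; 16]) -> (u64, u64) {
    (u64::from_be_bytes(b[..8].try_into().unwrap()), u64::from_be_bytes(b[8..].try_into().unwrap()))
}

/// RFC 3394 unwrap: length is validated before any slice or index arithmetic.
pub fn unwrap_key<C: Block128>(kek: &C, ciphertext: &[u8]) -> Result<Vec<u8>, UnwrapError> {
    let n = wrapped_block_count(ciphertext)?;
    let mut a = be_blocks(&ciphertext[..8])[0];
    let mut r = be_blocks(&ciphertext[8..]);
    for j in (0..6).rev() {
        for i in (1..=n).rev() {
            let t = (n * j + i) as u64;
            let (hi, lo) = split(kek.decrypt(join(a ^ t, r[i - 1])));
            a = hi;
            r[i - 1] = lo;
        }
    }
    if a != RFC3394_IV { return Err(UnwrapError::IntegrityCheckFailed); }
    Ok(r.iter().flat_map(|v| v.to_be_bytes().to_vec()).collect())
}

/// RFC 3394 wrap, with the matching input validation (n >= 2 plaintext blocks).
pub fn wrap_key<C: Block128>(kek: &C, plaintext: &[u8]) -> Result<Vec<u8>, UnwrapError> {
    let len = plaintext.len();
    if len % 8 != 0 { return Err(UnwrapError::NotBlockAligned { len }); }
    let n = len / 8;
    if n < 2 { return Err(UnwrapError::TooShort { len }); }
    let mut a = RFC3394_IV;
    let mut r = be_blocks(plaintext);
    for j in 0..6 {
        for i in 1..=n {
            let (hi, lo) = split(kek.encrypt(join(a, r[i - 1])));
            a = hi ^ (n * j + i) as u64;
            r[i - 1] = lo;
        }
    }
    let mut out = a.to_be_bytes().to_vec();
    for v in r { out.extend_from_slice(&v.to_be_bytes()); }
    Ok(out)
}

fn main() {
    let kek = ToyCipher([0x42; 16]);
    // Constructed inputs: a 4-byte "wrapped key" field as a malformed packet
    // might carry, and a well-formed 16-byte key.
    println!("4-byte input: {:?}", unwrap_key(&kek, &[0u8; 4]));
    let wrapped = wrap_key(&kek, &[0x11u8; 16]).unwrap();
    println!("round trip: {:?}", unwrap_key(&kek, &wrapped));
}
```

The parser that reads a PKESK or SKESK packet should treat the wrapped-key field as untrusted and let `wrapped_block_count` reject it; the caller then surfaces a decryption error rather than aborting the process.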
References
- bugs.debian.org/1122582
- github.com/advisories/GHSA-v6x3-9r38-r27q
- gitlab.com/sequoia-pgp/sequoia
- gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS
- gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5
- nvd.nist.gov/vuln/detail/CVE-2025-67897
- rustsec.org/advisories/RUSTSEC-2025-0136.html