Hi Gnupg developers, I'm submitting a fix for CVE-2025-68972, a signature verification bypass in GnuPG 2.4.x documented at https://gpg.fail/formfeed.
*Summary*
The vulnerability allows an attacker to extend signed messages with
arbitrary data that still passes signature verification. This occurs
because commit 976e9d608 (Nov 2022) added form feed (\f) insertion for
truncated lines but did not add corresponding detection during signature
verification.
*Root Cause*
In g10/armor.c (line 784), truncated lines get a form feed character:
afx->buffer[afx->buffer_len++] = this_truncated? '\f':'\n';
However, g10/plaintext.c's handle_plaintext() function does not check
for '\f' during hash calculation, allowing the exploit described at
https://gpg.fail/formfeed.
*The Fix*
The attached patch (CVE-2025-68972.patch) adds form feed detection in the
cleartext signature hash calculation state machine. When '\f' is
encountered, the function logs an error and fails with GPG_ERR_BAD_SIGNATURE.
I'm happy to provide additional information, make adjustments to the
patch, or answer any questions.
Best regards,
Shani Yosef
Attachment: CVE-2025-68972.patch (binary data)
Gnupg-devel mailing list: https://lists.gnupg.org/mailman/listinfo/gnupg-devel
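An added illustration of the check this report describes, not GnuPG's code and not the submitted patch: a toy model of the cleartext hashing loop that feeds canonicalized text lines (trailing whitespace dropped, CRLF line ends) into a stand-in digest and, when the form-feed check is enabled, rejects a body containing '\f' instead of hashing that byte as ordinary text. The digest (FNV-1a in place of the real signature hash), the error codes GPG_OK and GPG_BAD_SIGNATURE, the function names and the two sample bodies are all constructed for this example and do not mirror GnuPG's internals.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for GnuPG's gpg_error_t values (not the real ones). */
typedef int gpg_err_t;
#define GPG_OK            0
#define GPG_BAD_SIGNATURE 1

/* FNV-1a 64-bit stands in for the real signature digest context. */
typedef struct { uint64_t h; } hash_ctx;

static void hash_init(hash_ctx *c) { c->h = 0xcbf29ce484222325ULL; }

static void hash_update(hash_ctx *c, const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    for (size_t i = 0; i < n; i++) {
        c->h ^= b[i];
        c->h *= 0x100000001b3ULL;
    }
}

/* Hash one canonical text line: trailing spaces, tabs and CR are dropped
 * and a terminated line end is hashed as CRLF, as a cleartext-signature
 * verifier does for text-mode signatures. */
static void hash_line(hash_ctx *c, const char *s, size_t n, int terminated)
{
    while (n > 0 && (s[n-1] == ' ' || s[n-1] == '\t' || s[n-1] == '\r'))
        n--;
    hash_update(c, s, n);
    if (terminated)
        hash_update(c, "\r\n", 2);
}

/* Toy model of the hashing loop.  The dearmor stage writes '\f' instead of
 * '\n' at the end of a line it truncated; with check_formfeed == 0 that
 * byte is hashed like any other text (the behaviour the report describes),
 * with check_formfeed != 0 it is treated as a verification failure. */
static gpg_err_t hash_cleartext(hash_ctx *c, const char *buf, size_t len,
                                int check_formfeed)
{
    size_t line_start = 0;

    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\f' && check_formfeed) {
            fprintf(stderr, "cleartext contains a truncated line (form feed)\n");
            return GPG_BAD_SIGNATURE;
        }
        if (buf[i] == '\n') {
            hash_line(c, buf + line_start, i - line_start, 1);
            line_start = i + 1;
        }
    }
    if (line_start < len)               /* final line without a newline */
        hash_line(c, buf + line_start, len - line_start, 0);
    return GPG_OK;
}

/* Hash a body; on success optionally return the digest (digest_out may be NULL). */
gpg_err_t verify_body(const char *body, size_t len, int check_formfeed,
                      uint64_t *digest_out)
{
    hash_ctx c;
    gpg_err_t rc;

    hash_init(&c);
    rc = hash_cleartext(&c, body, len, check_formfeed);
    if (rc == GPG_OK && digest_out)
        *digest_out = c.h;
    return rc;
}

/* Digest of a body with the form-feed check on; 0 if the body is rejected. */
uint64_t body_digest(const char *body)
{
    uint64_t d = 0;
    if (verify_body(body, strlen(body), 1, &d) != GPG_OK)
        return 0;
    return d;
}

/* Constructed samples: the second models a body after the armor stage
 * replaced a truncated line's newline with '\f'. */
const char SAMPLE_OK[]        = "Hello\nworld\n";
const char SAMPLE_TRUNCATED[] = "Hello\fworld\n";

int main(void)
{
    uint64_t d;
    printf("clean body, check on : rc=%d\n",
           verify_body(SAMPLE_OK, strlen(SAMPLE_OK), 1, &d));
    printf("'\\f' body, check off: rc=%d (accepted)\n",
           verify_body(SAMPLE_TRUNCATED, strlen(SAMPLE_TRUNCATED), 0, &d));
    printf("'\\f' body, check on : rc=%d (rejected)\n",
           verify_body(SAMPLE_TRUNCATED, strlen(SAMPLE_TRUNCATED), 1, &d));
    return 0;
}
```

With the check off, the form feed is just another byte in the hashed text, so verification proceeds over whatever the dearmor stage produced; with the check on, the truncation marker itself is enough to fail the signature before any digest comparison takes place.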
