Demi Marie Obenour <[email protected]> writes: > On 12/29/25 11:57, Lexi Groves (49016) wrote: > [...] >> > Item 5: Memory Corruption in ASCII-Armor Parsing >> > >> > This is a serious memory-safety error in GPG. >> >> Yes. We did not have the time to try to exploit it, but we agreed that >> there is potential for remote code execution. We think that it is >> irresponsible to not release the fix on the 2.4 branch, which is what >> most users in the wild use. > > I totally agree. This is why I referred to this vulnerability as > a zero-day. > > (snip)
It's fixed in gnupg-2.4.9 for that branch, released today.
