Bug#1122582: sequoia-openpgp: DOS (crash) via special crafted encrypted message
Control: retitle -1 sequoia-openpgp: CVE-2025-67897: DOS (crash) via special crafted encrypted message

hi Holger,

On Thu, Dec 11, 2025 at 05:00:26PM +0100, Holger Levsen wrote:
> Package: rust-sequoia-openpgp
> Version: 1.1.0-3
> Severity: important
> Tags: security
>
> https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5
> which was first released with rust-sequoia-openpgp 2.1.0
> describes (and then fixes) the following problem:
>
>     openpgp: Fix an underflow in aes_key_unwrap.
>
>     The `aes_key_unwrap` function would panic if passed a ciphertext
>     that was too short. In a debug build, it would panic due to a
>     subtraction underflow. In a release build, it would use the small
>     negative quantity to allocate a vector. Since the allocator
>     expects an unsigned quantity, the negative value would be
>     interpreted as a huge allocation. The allocator would then fail
>     to allocate the memory and panic.
>
>     An attacker could trigger this panic by sending a victim an
>     encrypted message whose PKESK or SKESK packet has been specially
>     modified. When the victim decrypts the message, the program would
>     crash.
>
>     Reported-by: Jan Różański.

CVE-2025-67897 has been assigned for this issue.

Regards,
Salvatore

Bug#1122582: sequoia-openpgp: DOS (crash) via special crafted encrypted message
Package: rust-sequoia-openpgp
Version: 1.1.0-3
Severity: important
Tags: security

https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5
which was first released with rust-sequoia-openpgp 2.1.0
describes (and then fixes) the following problem:

    openpgp: Fix an underflow in aes_key_unwrap.

    The `aes_key_unwrap` function would panic if passed a ciphertext
    that was too short. In a debug build, it would panic due to a
    subtraction underflow. In a release build, it would use the small
    negative quantity to allocate a vector. Since the allocator
    expects an unsigned quantity, the negative value would be
    interpreted as a huge allocation. The allocator would then fail
    to allocate the memory and panic.

    An attacker could trigger this panic by sending a victim an
    encrypted message whose PKESK or SKESK packet has been specially
    modified. When the victim decrypts the message, the program would
    crash.

    Reported-by: Jan Różański.

-- 
cheers,
        Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

I believe the Letzte Generation is the first criminal organization in
history whose sole aim is for the government to abide by the constitution
and its own laws. (@muellermusik)
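
The failure mode described in the commit message above, as an added example that is not part of the bug report and is not Sequoia's code: an unchecked length subtraction on a too-short wrapped key, next to a checked length computation and a fallible allocation. All function and type names are hypothetical; the 8-byte block size and the minimum of two key-data blocks come from RFC 3394, and the exact expression Sequoia used is an assumption.

```rust
// Added illustration, not Sequoia's code; all names here are hypothetical.
const BLOCK: usize = 8; // RFC 3394 works on 64-bit blocks

#[derive(Debug, PartialEq)]
enum UnwrapError {
    TooShort(usize),
    NotBlockAligned(usize),
    AllocationFailed,
}

/// Models an unchecked `len - 8` with overflow checks off (release profile):
/// a 4-byte input yields usize::MAX - 3 instead of a negative number.
fn unchecked_plaintext_len(ciphertext_len: usize) -> usize {
    ciphertext_len.wrapping_sub(BLOCK)
}

/// Validates the length before any arithmetic result is used.
/// RFC 3394 output is one integrity block plus at least two key-data blocks.
fn checked_plaintext_len(ciphertext_len: usize) -> Result<usize, UnwrapError> {
    if ciphertext_len % BLOCK != 0 {
        return Err(UnwrapError::NotBlockAligned(ciphertext_len));
    }
    match ciphertext_len.checked_sub(BLOCK) {
        Some(n) if n >= 2 * BLOCK => Ok(n),
        _ => Err(UnwrapError::TooShort(ciphertext_len)),
    }
}

/// Fallible allocation: an absurd size becomes an error, not a panic.
fn alloc_plaintext(len: usize) -> Result<Vec<u8>, UnwrapError> {
    let mut buf: Vec<u8> = Vec::new();
    buf.try_reserve_exact(len)
        .map_err(|_| UnwrapError::AllocationFailed)?;
    buf.resize(len, 0);
    Ok(buf)
}

fn main() {
    // Constructed inputs: candidate lengths of a wrapped-key field.
    for len in [0usize, 4, 8, 16, 20, 24, 40] {
        let checked = checked_plaintext_len(len)
            .and_then(alloc_plaintext)
            .map(|b| b.len());
        println!("len={len:2} unchecked={:#x} checked={checked:?}",
                 unchecked_plaintext_len(len));
    }
}
```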

