AZL-58935

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58935.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-58935

Upstream

CVE-2025-30258

Published

2025-03-19T20:15:20Z

Modified

2026-04-21T04:37:10.464744Z

Summary

CVE-2025-30258 affecting package gnupg2 2.4.9-2

Details

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30258

Affected packages

Azure Linux:3 / gnupg2

Package

Name: gnupg2
Purl: pkg:rpm/azure-linux/gnupg2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.4.9-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58935.json"