CVE-2025-68973
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-68973
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68973.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-68973
- Downstream
- Published
- 2025-12-28T17:16:01.500Z
- Modified
- 2026-01-16T06:51:39.669586Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
- References
-
- https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306
- https://gpg.fail/memcpy
- https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html
- https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
- https://news.ycombinator.com/item?id=46403200
- https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
- https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51
- http://www.openwall.com/lists/oss-security/2025/12/29/11
- https://www.openwall.com/lists/oss-security/2025/12/28/5
Affected packages
Git / github.com/gpg/gnupg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gpg/gnupg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
ABANDONED-V-1-2-0
NEWPG-0-0-0
NEWPG-0-3-0
NEWPG-0-3-1
NEWPG-0-3-10
NEWPG-0-3-2
NEWPG-0-3-3
NEWPG-0-3-4
NEWPG-0-3-5
NEWPG-0-3-6
NEWPG-0-3-7
NEWPG-0-3-8
NEWPG-0-3-9
NEWPG-0-9-0
NEWPG-0-9-1
NEWPG-0-9-2
RC-1-2-1rc1
RC-1-2-2rc1
RC-1-2-2rc2
RC-1-2-3rc1
RC-1-2-3rc2
RC-1-2-4rc1
RC-1-2-5rc1
RC-1-2-5rc2
RC-1-4-1rc1
RC-1-4-1rc2
RC-1-4-2rc1
RC-1-4-2rc2
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-2
V1-1-90
V1-1-91
V1-1-92
V1-2-0
V1-2-1
V1-2-2
V1-2-3
V1-2-4
V1-2-5
V1-3-0
V1-3-1
V1-3-2
V1-3-3
V1-3-4
V1-3-5
V1-3-6
V1-3-90
V1-3-91
V1-3-92
V1-3-93
V1-4-0
V1-4-1
V1-9-0
V1-9-1
V1-9-10
V1-9-11
V1-9-12
V1-9-13
V1-9-14
V1-9-15
V1-9-16
V1-9-17
V1-9-18
V1-9-19
V1-9-2
V1-9-3
V1-9-4
V1-9-5
V1-9-6
V1-9-7
V1-9-8
V1-9-9
ecc-integration-done
post-nuke-of-trailing-ws
Beta-2.*
Beta-2.3.0-beta1598
Beta-2.3.0-beta1655
gnupg-1.*
gnupg-1.4.3
gnupg-1.4.3rc1
gnupg-1.4.3rc2
gnupg-1.4.4
gnupg-1.4.5
gnupg-1.4.5rc1
gnupg-1.9.20
gnupg-1.9.21
gnupg-1.9.22
gnupg-1.9.23
gnupg-1.9.90
gnupg-1.9.91
gnupg-1.9.92
gnupg-1.9.93
gnupg-1.9.94
gnupg-1.9.95
gnupg-2.*
gnupg-2.0.1
gnupg-2.0.10
gnupg-2.0.10rc1
gnupg-2.0.11
gnupg-2.0.12
gnupg-2.0.13
gnupg-2.0.1rc1
gnupg-2.0.2
gnupg-2.0.3
gnupg-2.0.4
gnupg-2.0.5
gnupg-2.0.6
gnupg-2.0.7
gnupg-2.0.8
gnupg-2.0.8rc1
gnupg-2.0.9
gnupg-2.1-base
gnupg-2.1.0
gnupg-2.1.0-beta442
gnupg-2.1.0-beta751
gnupg-2.1.0-beta783
gnupg-2.1.0-beta834
gnupg-2.1.0-beta864
gnupg-2.1.0-beta895
gnupg-2.1.0beta1
gnupg-2.1.0beta2
gnupg-2.1.0beta3
gnupg-2.1.1
gnupg-2.1.10
gnupg-2.1.11
gnupg-2.1.12
gnupg-2.1.13
gnupg-2.1.14
gnupg-2.1.15
gnupg-2.1.16
gnupg-2.1.17
gnupg-2.1.18
gnupg-2.1.19
gnupg-2.1.2
gnupg-2.1.20
gnupg-2.1.21
gnupg-2.1.22
gnupg-2.1.23
gnupg-2.1.3
gnupg-2.1.4
gnupg-2.1.5
gnupg-2.1.6
gnupg-2.1.7
gnupg-2.1.8
gnupg-2.1.9
gnupg-2.2-base
gnupg-2.2.0
gnupg-2.2.1
gnupg-2.2.2
gnupg-2.2.3
gnupg-2.2.4
gnupg-2.2.5
gnupg-2.2.6
gnupg-2.2.7
gnupg-2.3-base
gnupg-2.3.0
gnupg-2.3.1
gnupg-2.3.2
gnupg-2.3.3
gnupg-2.3.4
gnupg-2.3.5
gnupg-2.3.6
gnupg-2.3.7
gnupg-2.3.8
gnupg-2.4-base
gnupg-2.4.0
gnupg-2.4.1
gnupg-2.4.2
gnupg-2.4.3
gnupg-2.4.4
gnupg-2.4.5
gnupg-2.5-base
gnupg-2.5.0
gnupg-2.5.1
gnupg-2.5.10
gnupg-2.5.11
gnupg-2.5.12
gnupg-2.5.13
gnupg-2.5.2
gnupg-2.5.3
gnupg-2.5.4
gnupg-2.5.5
gnupg-2.5.6
gnupg-2.5.7
gnupg-2.5.8
gnupg-2.5.9
gnupg-2.6-base
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68973.json"
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2025-68973-0795d086",
"digest": {
"threshold": 0.9,
"line_hashes": [
"49443994032101166499817929710418787617",
"15885349329180648629886665119482066444",
"251567423413559438915149228397159278172",
"245307190880893838302112067120951580886",
"233025292863636828738951527225626808703"
]
},
"source": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "g10/armor.c"
}
},
{
"deprecated": false,
"id": "CVE-2025-68973-68fb37d4",
"digest": {
"length": 4339.0,
"function_hash": "308261127033383064013893380111635919569"
},
"source": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "common/iobuf.c",
"function": "underflow_target"
}
},
{
"deprecated": false,
"id": "CVE-2025-68973-7fc31e4d",
"digest": {
"length": 6659.0,
"function_hash": "8491897487455473404532060143085768712"
},
"source": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "g10/armor.c",
"function": "armor_filter"
}
},
{
"deprecated": false,
"id": "CVE-2025-68973-b1425f20",
"digest": {
"threshold": 0.9,
"line_hashes": [
"58417909544796076269955505969248422608",
"110818776878108934247290968241798853078",
"99737392810453685630251105482111447244",
"113935288793173739545537940463888600246",
"41376399652890006191605110496782282706",
"202248868800533379919068614240070725527",
"90049560659301795284536280797535053471",
"9804346519796051411285763134077578441",
"296479341702821865710742504302221433754",
"292603048869066697821076139961345089813",
"186002179277992063921212080551453478339",
"69347065700127502231412071429307141456",
"260244605468677653061030662897025985687",
"140014099526233636479402025901264429351"
]
},
"source": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "common/iobuf.c"
}
}
]