[Pkg-rust-maintainers] Bug#1122582: sequoia-openpgp: DOS (crahsh) via special crafted encrypted message
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 14 07:03:23 GMT 2025
Control: retitle -1 sequoia-openpgp: CVE-2025-67897: DOS (crash) via special crafted encrypted message
hi Holger,
On Thu, Dec 11, 2025 at 05:00:26PM +0100, Holger Levsen wrote:
> Package: rust-sequoia-openpgp
> Version: 1.1.0-3
> Severity: important
> Tags: security
>
> https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5
> which was first released with rust-sequoia-openpgp 2.1.0
> describes (and then fixes) the following problem:
>
> openpgp: Fix an underflow in aes_key_unwrap.
>
> The `aes_key_unwrap` function would panic if passed a ciphertext
> that was too short. In a debug build, it would panic due to a
> subtraction underflow. In a release build, it would use the small
> negative quantity to allocate a vector. Since the allocator
> expects an unsigned quantity, the negative value would be
> interpreted as a huge allocation. The allocator would then fail
> to allocate the memory and panic.
>
> An attacker could trigger this panic by sending a victim an
> encrypted message whose PKESK or SKESK packet has been specially
> modified. When the victim decrypts the message, the program would
> crash.
>
> Reported-by: Jan Różański.
CVE-2025-67897 has been assigned for this issue.
Regards,
Salvatore
More information about the Pkg-rust-maintainers
mailing list