CVE-2020-25125
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) have an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
SSVC
- Decision: -
Timeline
- 2020-09-03 CVE Reserved
- 2020-09-03 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
References (6)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/09/03/4 | Mailing List | |
http://www.openwall.com/lists/oss-security/2020/09/03/5 | Mailing List | |
https://dev.gnupg.org/T5050 | Mailing List | |

URL | Date | SRC |
---|---|---|
https://bugzilla.opensuse.org/show_bug.cgi?id=1176034 | 2024-08-04 | |
https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc | 2020-09-11 | |
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html | 2020-09-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnupg | Gnupg | 2.2.21 | - | Affected |
Gnupg | Gnupg | 2.2.22 | - | Affected |
Gpg4win | Gpg4win | 3.1.12 | - | Affected |