Lucene search
K

7 matches found

OSV
OSV
added 2026/05/27 6:18 p.m.18 views

JLSEC-2026-562 In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary...

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS5.8AI score0.00104EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/12/29 9:1 a.m.4 views

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

...

5.9CVSS6.7AI score0.00104EPSS
Exploits0
EUVD
EUVD
added 2025/12/28 12:30 a.m.3 views

EUVD-2025-205487

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS6.5AI score0.00104EPSS
Exploits0References3
NVD
NVD
added 2025/12/27 11:15 p.m.5 views

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS0.00104EPSS
Exploits0References3
OSV
OSV
added 2025/12/27 11:15 p.m.2 views

DEBIAN-CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

4.7CVSS5.3AI score0.00104EPSS
Exploits0References1
OSV
OSV
added 2025/12/27 11:15 p.m.5 views

AZL-73911 CVE-2025-68972 affecting package gnupg2 2.4.0-3

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS5.8AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2025/12/27 10:52 p.m.500 views

CVE-2025-68972

CVE-2025-68972 affects GnuPG/gnupg2 <= 2.4.8, where a signed message ending a plaintext line with the form feed (\f) can allow an adversary to craft a modified message that still passes signature verification, with an “invalid armor” message printed during verification. Connected advisories in...

5.9CVSS6.6AI score0.00104EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder