Lucene search
K

6 matches found

EUVD
EUVD
added 2025/12/14 6:30 a.m.5 views

EUVD-2025-203279

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

5.3CVSS6.4AI score0.00297EPSS
Exploits0References4
OSV
OSV
added 2025/12/14 6:30 a.m.4 views

GHSA-V6X3-9R38-R27Q Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

5.3CVSS6.8AI score0.00297EPSS
Exploits0References6
OSV
OSV
added 2025/12/14 5:16 a.m.4 views

UBUNTU-CVE-2025-67897

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References5
CVE
CVE
added 2025/12/14 4:35 a.m.20 views

CVE-2025-67897

CVE-2025-67897 affects Sequoia OpenPGP components with a panic in aes_key_unwrap when processing a ciphertext too short (remote attacker could trigger a crash by sending crafted PKESK/SKESK packets). Fedora advisories for Fedora 42/43 indicate the issue is addressed by upgrading to sequoia-openpg...

5.3CVSS6.5AI score0.00297EPSS
Exploits0References3
OSV
OSV
added 2025/11/21 5:5 p.m.2 views

CVE-2025-13470 RNP 0.18.0 Vulnerable PKESK session keys

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

8.7CVSS6.1AI score0.00274EPSS
Exploits0References11
OSV
OSV
added 2020/02/10 9:51 p.m.4 views

CVE-2019-17520

The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service crash via crafted packets...

6.5CVSS6.9AI score
Exploits0References3
Rows per page
Query Builder