6 matches found
EUVD-2025-203279
In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...
GHSA-V6X3-9R38-R27Q Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short
In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...
UBUNTU-CVE-2025-67897
In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...
CVE-2025-67897
CVE-2025-67897 affects Sequoia OpenPGP components with a panic in aes_key_unwrap when processing a ciphertext too short (remote attacker could trigger a crash by sending crafted PKESK/SKESK packets). Fedora advisories for Fedora 42/43 indicate the issue is addressed by upgrading to sequoia-openpg...
CVE-2025-13470 RNP 0.18.0 Vulnerable PKESK session keys
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
CVE-2019-17520
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service crash via crafted packets...