
5 matches found

Github Security Blog
added 2025/12/14 6:30 a.m., 7 views

Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

CVSS 5.3, AI score 7, EPSS 0.00297
Exploits: 0, References: 6, Affected Software: 1
RedhatCVE
added 2025/11/25 3:52 p.m., 2 views

CVE-2025-13470

A flaw was found in RNP. This vulnerability allows for the trivial decryption of data encrypted using public-key encryption, fully compromising confidentiality, via an uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets, which results in an all-zero byte array...

CVSS 8.7, AI score 6.4, EPSS 0.00274
Exploits: 0, References: 11
Tenable Nessus
added 2025/11/22 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-13470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized...

CVSS 8.7, AI score 5.9, EPSS 0.00274
Exploits: 0, References: 2
EUVD
added 2025/11/21 5:5 p.m., 11 views

EUVD-2025-198494

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

CVSS 8.7, AI score 6.5, EPSS 0.00274
Exploits: 0, References: 11
OSV
added 2025/11/07 12:0 p.m., 2 views

RUSTSEC-2025-0136 Underflow in aes_key_unwrap function

The aes_key_unwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...

CVSS 4.3, AI score 6.8, EPSS 0.00297
Exploits: 0, References: 3