3 matches found
EUVD-2025-203279
In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...
GHSA-V6X3-9R38-R27Q Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short
In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...
CVE-2025-67897
CVE-2025-67897 affects Sequoia OpenPGP components with a panic in aes_key_unwrap when processing a ciphertext too short (remote attacker could trigger a crash by sending crafted PKESK/SKESK packets). Fedora advisories for Fedora 42/43 indicate the issue is addressed by upgrading to sequoia-openpg...