CVE-2025-67897
MEDIUM5.3EPSS 0.17%Underflow in aes_key_unwrap function
Published: 12/14/2025Modified: 12/17/2025
Description
The `aes_key_unwrap` function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value would be interpreted as a huge allocation. The allocator would then fail to allocate the memory and panic. An attacker could trigger this panic by sending a victim an encrypted message whose PKESK or SKESK packet has been specially modified. When the victim decrypts the message, the program would crash.
Affected packages (3)
- crates.io/sequoia-openpgpfrom 0, < 2.1.0
- crates.io/sequoia-openpgp>= 0.0.0-0, < 2.1.0
- Debian/rust-sequoia-openpgpfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-67897
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-67897
- PATCHhttps://crates.io/crates/sequoia-openpgp
- PATCHhttps://gitlab.com/sequoia-pgp/sequoia
- WEBhttps://bugs.debian.org/1122582
- WEBhttps://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26
- WEBhttps://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5
- WEBhttps://rustsec.org/advisories/RUSTSEC-2025-0136.html