CVE-2020-25125 — HIGH (7.8)

Vulnerability Description

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnupg	Gnupg	2.2.21
Gpg4Win	Gpg4Win	3.1.12

Related Weaknesses (CWE)

CWE-120

References

http://www.openwall.com/lists/oss-security/2020/09/03/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/09/03/5Mailing ListThird Party Advisory
https://bugzilla.opensuse.org/show_bug.cgi?id=1176034ExploitIssue TrackingThird Party Advisory
https://dev.gnupg.org/T5050Mailing List
https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bcPatchVendor Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.htmlVendor Advisory
http://www.openwall.com/lists/oss-security/2020/09/03/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/09/03/5Mailing ListThird Party Advisory
https://bugzilla.opensuse.org/show_bug.cgi?id=1176034ExploitIssue TrackingThird Party Advisory
https://dev.gnupg.org/T5050Mailing List
https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bcPatchVendor Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.htmlVendor Advisory

FAQ

What is CVE-2020-25125?

CVE-2020-25125 is a vulnerability with a CVSS score of 7.8 (HIGH). GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD pref...

How severe is CVE-2020-25125?

CVE-2020-25125 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-25125?

Check the references section above for vendor advisories and patch information. Affected products include: Gnupg Gnupg, Gpg4Win Gpg4Win.