CVE-2025-67897: Signed to Unsigned Conversion Error in Sequoia

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 48.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 14

Description

In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
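Added illustration of the failure class the description names; this is not Sequoia's code. RFC 3394 key unwrap treats the ciphertext as (n + 1) 64-bit blocks and derives n as len/8 - 1, so on input shorter than 8 bytes that subtraction underflows; the checked variant rejects such input before any arithmetic. The error type and function names are assumptions for the example.

```rust
// Added example, not Sequoia's code: the length check that has to precede
// RFC 3394 key-unwrap arithmetic. Wrapped keys are (n + 1) 64-bit blocks
// with n >= 1, so a valid ciphertext is at least 16 bytes and a multiple of 8.
const SEMIBLOCK: usize = 8;

#[derive(Debug, PartialEq, Eq)]
pub enum UnwrapError {
    TooShort(usize),
    NotBlockAligned(usize),
}

/// The unguarded form of the block-count computation, `len / 8 - 1`.
/// Written with `wrapping_sub` so it behaves the same in debug and release
/// builds: for inputs under 8 bytes it yields usize::MAX, where the plain
/// `-` operator would panic under overflow checks, which is the crash class
/// the advisory describes.
pub fn naive_block_count(ciphertext: &[u8]) -> usize {
    (ciphertext.len() / SEMIBLOCK).wrapping_sub(1)
}

/// Validates the length before any arithmetic on it and returns the number
/// of wrapped 64-bit blocks `n`, or a recoverable error instead of a panic.
pub fn checked_block_count(ciphertext: &[u8]) -> Result<usize, UnwrapError> {
    let len = ciphertext.len();
    if len % SEMIBLOCK != 0 {
        return Err(UnwrapError::NotBlockAligned(len));
    }
    match (len / SEMIBLOCK).checked_sub(1) {
        Some(n) if n >= 1 => Ok(n),
        _ => Err(UnwrapError::TooShort(len)),
    }
}

fn main() {
    // Constructed sample inputs: an empty body, a 4-byte truncated one,
    // an 8-byte one holding only the integrity block, and a valid 24-byte wrap.
    for ct in [&[0u8; 0][..], &[0u8; 4][..], &[0u8; 8][..], &[0u8; 24][..]] {
        println!(
            "len={:>2} naive={:>20} checked={:?}",
            ct.len(),
            naive_block_count(ct),
            checked_block_count(ct)
        );
    }
}
```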

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages: 5 packages

Vulnerability Details (4)

OSV: CVE-2025-67897: In Sequoia before 2... (2025-12-14)
OSV: Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short (2025-12-14)
GHSA: Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short (2025-12-14)
OSV: Underflow in aes_key_unwrap function (2025-11-07)

Vendor Advisories (3)

Red Hat: Sequoia: Application crash via crafted encrypted message (2025-12-14)
Microsoft: In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted mes... (2025-12-09)
Debian: CVE-2025-67897: rust-sequoia-openpgp - In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is to... (2025)

Threat Intelligence (1)

Wiz: CVE-2025-67897 Impact, Exploitability, and Mitigation Steps | Wiz