{"id":"CVE-2020-25125","details":"GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.","modified":"2026-04-10T04:25:08.448874Z","published":"2020-09-03T18:15:15.160Z","related":["CGA-w8m2-q2wr-48v4","openSUSE-SU-2024:10815-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/03/4"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/03/5"},{"type":"ADVISORY","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html"},{"type":"REPORT","url":"https://bugzilla.opensuse.org/show_bug.cgi?id=1176034"},{"type":"FIX","url":"https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc"},{"type":"ARTICLE","url":"https://dev.gnupg.org/T5050"}],"affected":[{"ranges":[{"type":"GIT","repo":"git://git.gnupg.org/gpg4win.git","events":[{"introduced":"0"},{"last_affected":"69077578c9cf52633e91b3cce5805fdedd643cc8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.12"}]}}],"versions":["gpg4win-0-0-1","gpg4win-0.0.2","gpg4win-0.1.0","gpg4win-0.2.0","gpg4win-0.2.1","gpg4win-0.3.1","gpg4win-0.5.0","gpg4win-0.5.1","gpg4win-0.6.0","gpg4win-0.7.0","gpg4win-0.8.0","gpg4win-1.0.0","gpg4win-1.0.0rc1","gpg4win-1.0.1","gpg4win-1.0.2","gpg4win-1.0.3","gpg4win-1.0.4","gpg4win-1.0.5","gpg4win-1.0.6","gpg4win-1.0.7","gpg4win-1.0.8","gpg4win-1.0.9","gpg4win-1.1.0","gpg4win-1.1.1","gpg4win-1.1.2","gpg4win-1.1.3","gpg4win-1.9.0","gpg4win-1.9.11","gpg4win-1.9.12","gpg4win-1.9.13","gpg4win-1.9.14","gpg4win-1.9.15","gpg4win-1.9.2-beta","gpg4win-1.9.3","gpg4win-1.9.4-beta","gpg4win-1.9.6","gpg4win-1.9.7","gpg4win-1.9.8","gpg4win-2.0.0","gpg4win-2.0.0rc1","gpg4win-2.0.1","gpg4win-2.0.2rc2","gpg4win-2.1.0","gpg4win-2.1.0-beta1","gpg4win-2.1.0-rc1","gpg4win-2.1.0-rc2","gpg4win-2.1.1","gpg4win-2.2.0","gpg4win-2.2.1","gpg4win-2.2.2","gpg4win-2.2.3","gpg4win-2.2.4","gpg4win-2.2.5","gpg4win-3.0.0","gpg4win-3.0.1","gpg4win-3.0.2","gpg4win-3.0.3","gpg4win-3.1.0","gpg4win-3.1.1","gpg4win-3.1.10","gpg4win-3.1.11","gpg4win-3.1.12","gpg4win-3.1.2","gpg4win-3.1.3","gpg4win-3.1.4","gpg4win-3.1.5","gpg4win-3.1.8","gpg4win-3.1.9","gpg4win-compendium-de-3.0.0","gpg4win-compendium-de-3.0.0-beta1","gpg4win-compendium-de-3.0.0-beta2@1264","gpg4win-compendium-de-3.0.0-beta3","gpg4win-compendium-de-3.0.0-beta4","gpg4win-compendium-en-3.0.0","gpgme-1-1-1","gpgme-1.1.1","gpgol-0.3.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.2.21"}]},{"events":[{"introduced":"0"},{"last_affected":"2.2.22"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25125.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}