{"id":"CVE-2025-67897","details":"In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.","aliases":["GHSA-v6x3-9r38-r27q","RUSTSEC-2025-0136"],"modified":"2026-04-10T05:34:53.440769Z","published":"2025-12-14T05:16:06.453Z","related":["CGA-9h2q-x62v-rph9"],"references":[{"type":"WEB","url":"https://bugs.debian.org/1122582"},{"type":"WEB","url":"https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26"},{"type":"FIX","url":"https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/sequoia-pgp/sequoia","events":[{"introduced":"0"},{"fixed":"02d387c16b83e3dac598b4f2e76e278e6452e2b8"},{"fixed":"b59886e5e7bdf7169ed330f309a6633d131776e5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.0"}]}}],"versions":["autocrypt/v0.23.0","autocrypt/v0.23.1","autocrypt/v0.24.0","autocrypt/v0.25.0","autocrypt/v0.25.1","autocrypt/v0.26.0","buffered-reader/v1.0.1","buffered-reader/v1.1.0","buffered-reader/v1.1.1","buffered-reader/v1.1.2","buffered-reader/v1.1.3","buffered-reader/v1.1.4","buffered-reader/v1.2.0","buffered-reader/v1.3.0","buffered-reader/v1.3.1","buffered-reader/v1.3.2","buffered-reader/v1.4.0","ipc/v0.25.0","ipc/v0.26.0","ipc/v0.27.0","ipc/v0.28.0","ipc/v0.30.0","ipc/v0.30.1","ipc/v0.31.0","ipc/v0.32.0","ipc/v0.33.0","ipc/v0.34.0","ipc/v0.34.1","ipc/v0.35.0","ipc/v0.35.1","ipc/v0.36.0","net/v0.23.0","net/v0.24.0","net/v0.25.0","net/v0.26.0","net/v0.27.0","net/v0.28.0","net/v0.29.0","net/v0.30.0","openpgp/v1.1.0","openpgp/v1.10.0","openpgp/v1.11.0","openpgp/v1.12.0","openpgp/v1.13.0","openpgp/v1.14.0","openpgp/v1.15.0","openpgp/v1.16.0","openpgp/v1.17.0","openpgp/v1.18.0","openpgp/v1.19.0","openpgp/v1.20.0","openpgp/v1.21.0","openpgp/v1.21.1","openpgp/v1.21.2","openpgp/v1.22.0","openpgp/v1.3.0","openpgp/v1.4.0","openpgp/v1.5.0","openpgp/v1.6.0","openpgp/v1.7.0","openpgp/v1.8.0","openpgp/v1.9.0","openpgp/v2.0.0","openpgp/v2.0.0-alpha.0","openpgp/v2.0.0-alpha.1","openpgp/v2.0.0-alpha.2","sq/v0.23.0","sq/v0.24.0","sq/v0.25.0","sq/v0.26.0","sq/v0.27.0","sq/v0.28.0","v0.1.0","v0.10.0","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.18.0","v0.19.0","v0.2.0","v0.20.0","v0.21.0","v0.3.0","v0.4.0","v0.4.1","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v0.9.0","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67897.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}