{"id":"CVE-2025-68973","details":"In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)","modified":"2026-04-12T22:06:21.819590Z","published":"2025-12-28T17:16:01.500Z","related":["ALSA-2026:0697","ALSA-2026:0719","ALSA-2026:0728","SUSE-SU-2026:0214-1","SUSE-SU-2026:0215-1","SUSE-SU-2026:0378-1","SUSE-SU-2026:20080-1","SUSE-SU-2026:20108-1","SUSE-SU-2026:20243-1","SUSE-SU-2026:20356-1","openSUSE-SU-2026:10001-1","openSUSE-SU-2026:20029-1"],"references":[{"type":"WEB","url":"https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"},{"type":"WEB","url":"https://gpg.fail/memcpy"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html"},{"type":"REPORT","url":"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"},{"type":"REPORT","url":"https://news.ycombinator.com/item?id=46403200"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2025/12/29/11"},{"type":"FIX","url":"https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"},{"type":"FIX","url":"https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2025/12/28/5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpg/gnupg","events":[{"introduced":"0"},{"last_affected":"6f39568ae6550d996ce2a19ad1e5f21904f3ab30"},{"fixed":"115d138ba599328005c5321c0ef9f00355838ca9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.8"}]}}],"versions":["ABANDONED-V-1-2-0","Beta-2.3.0-beta1598","Beta-2.3.0-beta1655","NEWPG-0-0-0","NEWPG-0-3-0","NEWPG-0-3-1","NEWPG-0-3-10","NEWPG-0-3-2","NEWPG-0-3-3","NEWPG-0-3-4","NEWPG-0-3-5","NEWPG-0-3-6","NEWPG-0-3-7","NEWPG-0-3-8","NEWPG-0-3-9","NEWPG-0-9-0","NEWPG-0-9-1","NEWPG-0-9-2","RC-1-2-1rc1","RC-1-2-2rc1","RC-1-2-2rc2","RC-1-2-3rc1","RC-1-2-3rc2","RC-1-2-4rc1","RC-1-2-5rc1","RC-1-2-5rc2","RC-1-4-1rc1","RC-1-4-1rc2","RC-1-4-2rc1","RC-1-4-2rc2","V-0-2-8","V0-0-0","V0-1-0","V0-2-0","V0-2-10","V0-2-15","V0-2-17","V0-2-18","V0-2-19","V0-2-6","V0-3-0","V0-3-1","V0-3-2","V0-3-3","V0-3-4","V0-3-5","V0-4-0","V0-4-1","V0-4-2","V0-4-3","V0-4-4","V0-4-5","V0-9-0","V0-9-1","V0-9-10","V0-9-11","V0-9-2","V0-9-3","V0-9-4","V0-9-5","V0-9-6","V0-9-7","V0-9-8","V0-9-9","V1-0-0","V1-0-1","V1-0-1-ePit-1","V1-0-2","V1-0-3","V1-0-4","V1-1-0","V1-1-2","V1-1-90","V1-1-91","V1-1-92","V1-2-0","V1-2-1","V1-2-2","V1-2-3","V1-2-4","V1-2-5","V1-3-0","V1-3-1","V1-3-2","V1-3-3","V1-3-4","V1-3-5","V1-3-6","V1-3-90","V1-3-91","V1-3-92","V1-3-93","V1-4-0","V1-4-1","V1-9-0","ecc-integration-done","gnupg-1.4.3","gnupg-1.4.3rc1","gnupg-1.4.3rc2","gnupg-1.4.4","gnupg-1.4.5","gnupg-1.4.5rc1","gnupg-1.9.23","gnupg-1.9.90","gnupg-1.9.91","gnupg-1.9.92","gnupg-1.9.93","gnupg-1.9.94","gnupg-1.9.95","gnupg-2.0.1","gnupg-2.0.10","gnupg-2.0.10rc1","gnupg-2.0.11","gnupg-2.0.12","gnupg-2.0.13","gnupg-2.0.1rc1","gnupg-2.0.2","gnupg-2.0.3","gnupg-2.0.4","gnupg-2.0.5","gnupg-2.0.6","gnupg-2.0.7","gnupg-2.0.8","gnupg-2.0.8rc1","gnupg-2.0.9","gnupg-2.1-base","gnupg-2.1.0","gnupg-2.1.0-beta442","gnupg-2.1.0-beta751","gnupg-2.1.0-beta783","gnupg-2.1.0-beta834","gnupg-2.1.0-beta864","gnupg-2.1.0-beta895","gnupg-2.1.0beta1","gnupg-2.1.0beta2","gnupg-2.1.0beta3","gnupg-2.1.1","gnupg-2.1.11","gnupg-2.1.12","gnupg-2.1.13","gnupg-2.1.14","gnupg-2.1.15","gnupg-2.1.16","gnupg-2.1.17","gnupg-2.1.18","gnupg-2.1.19","gnupg-2.1.2","gnupg-2.1.20","gnupg-2.1.21","gnupg-2.1.22","gnupg-2.1.23","gnupg-2.1.3","gnupg-2.1.4","gnupg-2.1.5","gnupg-2.1.6","gnupg-2.1.7","gnupg-2.1.8","gnupg-2.1.9","gnupg-2.2-base","gnupg-2.2.0","gnupg-2.3-base","gnupg-2.3.0","gnupg-2.3.1","gnupg-2.3.2","gnupg-2.3.3","gnupg-2.3.4","gnupg-2.3.5","gnupg-2.3.6","gnupg-2.3.7","gnupg-2.3.8","gnupg-2.4-base","gnupg-2.4.0","gnupg-2.4.1","gnupg-2.4.2","gnupg-2.4.3","gnupg-2.4.4","gnupg-2.4.5","gnupg-2.4.6","gnupg-2.4.7","gnupg-2.4.8","gnupg-2.5-base","gnupg-2.5.0","gnupg-2.5.1","gnupg-2.5.10","gnupg-2.5.11","gnupg-2.5.12","gnupg-2.5.13","gnupg-2.5.2","gnupg-2.5.3","gnupg-2.5.4","gnupg-2.5.5","gnupg-2.5.6","gnupg-2.5.7","gnupg-2.5.8","gnupg-2.5.9","gnupg-2.6-base","post-nuke-of-trailing-ws"],"database_specific":{"vanir_signatures_modified":"2026-04-12T22:06:21Z","vanir_signatures":[{"signature_type":"Line","target":{"file":"g10/armor.c"},"source":"https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9","digest":{"threshold":0.9,"line_hashes":["49443994032101166499817929710418787617","15885349329180648629886665119482066444","251567423413559438915149228397159278172","245307190880893838302112067120951580886","233025292863636828738951527225626808703"]},"signature_version":"v1","id":"CVE-2025-68973-0795d086","deprecated":false},{"signature_type":"Function","target":{"file":"common/iobuf.c","function":"underflow_target"},"source":"https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9","digest":{"function_hash":"308261127033383064013893380111635919569","length":4339},"signature_version":"v1","id":"CVE-2025-68973-68fb37d4","deprecated":false},{"signature_type":"Function","target":{"file":"g10/armor.c","function":"armor_filter"},"source":"https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9","digest":{"function_hash":"8491897487455473404532060143085768712","length":6659},"signature_version":"v1","id":"CVE-2025-68973-7fc31e4d","deprecated":false},{"signature_type":"Line","target":{"file":"common/iobuf.c"},"source":"https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9","digest":{"threshold":0.9,"line_hashes":["58417909544796076269955505969248422608","110818776878108934247290968241798853078","99737392810453685630251105482111447244","113935288793173739545537940463888600246","41376399652890006191605110496782282706","202248868800533379919068614240070725527","90049560659301795284536280797535053471","9804346519796051411285763134077578441","296479341702821865710742504302221433754","292603048869066697821076139961345089813","186002179277992063921212080551453478339","69347065700127502231412071429307141456","260244605468677653061030662897025985687","140014099526233636479402025901264429351"]},"signature_version":"v1","id":"CVE-2025-68973-b1425f20","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68973.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}