{"id":"RUSTSEC-2025-0136","summary":"Underflow in aes_key_unwrap function","details":"The `aes_key_unwrap` function would panic if passed a ciphertext\nthat was too short.  In a debug build, it would panic due to a\nsubtraction underflow.  In a release build, it would use the\nsmall negative quantity to allocate a vector.  Since the\nallocator expects an unsigned quantity, the negative value would\nbe interpreted as a huge allocation.  The allocator would then\nfail to allocate the memory and panic.\n\nAn attacker could trigger this panic by sending a victim an\nencrypted message whose PKESK or SKESK packet has been specially\nmodified.  When the victim decrypts the message, the program\nwould crash.","aliases":["CVE-2025-67897","GHSA-v6x3-9r38-r27q"],"modified":"2025-12-17T06:16:23.047289Z","published":"2025-11-07T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/sequoia-openpgp"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0136.html"},{"type":"WEB","url":"https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26"}],"affected":[{"package":{"name":"sequoia-openpgp","ecosystem":"crates.io","purl":"pkg:cargo/sequoia-openpgp"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"2.1.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"functions":["sequoia_openpgp::crypto::ecdh::aes_key_unwrap"],"os":[]}},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0136.json","categories":["denial-of-service"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}]}