CNNVD-202511-2456 Information

CNNVD ID

CNNVD-202511-2456

CVE-2025-13470

  • CNNVD Published: 2025-11-21

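Description (translated from Chinese)

RNP is an open-source C++ library from RNP. RNP version 0.18.0 contains a security vulnerability caused by the symmetric session key used in PKESK packets not being initialized, which may lead to a complete compromise of confidentiality.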

Description (English)

RNP is an open-source C++ library from RNP. Version 0.18.0 of RNP contains a security vulnerability that originates from the symmetric session key used in PKESK packets not being initialized, which may lead to a complete breach of confidentiality.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

RNP

Published

2025-11-21

Last Modified

2026-02-24

References

  • https://github.com/rnpgp/rnp/releases/tag/v0.18.1
  • https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a
  • https://open.ribose.com/advisories/ra-2025-11-20/
  • https://packages.gentoo.org/packages/dev-util/librnp
  • https://aur.archlinux.org/packages/rnp
  • https://bugzilla.redhat.com/show_bug.cgi?id=2415863
  • https://launchpad.net/ubuntu/+source/rnp
  • https://access.redhat.com/security/cve/cve-2025-13402
  • https://vigilance.fr/vulnerability/RNP-no-encryption-via-Uninitialized-PKESK-Keys-48883

Patch

https://github.com/rnpgp/rnp/releases
