CNNVD-202512-2600 Information

CNNVD ID

CNNVD-202512-2600

Related CVE

CVE-2025-67897

• CNNVD Published: 2025-12-14

Description (Chinese)

Sequoia PGP是sequoia-pgp开源的一个Rust库。 Sequoia PGP 2.1.0之前版本存在安全漏洞，该漏洞源于aes_key_unwrap在传递过短密文时会崩溃，可能导致应用程序崩溃。

Description (English)

Sequoia PGP is a Rust bank of open sources of sequioia-pgp. There was a security loophole in the previous version of Sequoia PGP 2.1. The loophole arose from aes key unwrap when passing short texts, which could lead to the collapse of the application.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

sequoia-pgp

Published

2025-12-14

Last Modified

2026-02-24

References

https://bugs.debian.org/1122582 https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26 https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5