CNNVD-202512-4839 Information

CNNVD ID

CNNVD-202512-4839

CVE-2025-68972

  • CNNVD Published: 2025-12-27

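Description (translated from Chinese)

GNUPG is an open-source encryption suite from the GNU community in the United States, released under the GNU General Public License. The software supports public-key encryption, symmetric encryption, hashing and other algorithms. GNUPG 2.4.8 and earlier versions contain a data forgery vulnerability, which stems from improper handling of f in signed messages and may lead to signature verification bypass.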

Description (English)

GNUPG is an open-source encryption suite from the GNU community in the United States, released under the GNU General Public License. The software supports public-key encryption, symmetric encryption, hashing and other algorithms. GNUPG 2.4.8 and earlier versions contain a data forgery vulnerability that arises from the mishandling of signed messages and may allow signature verification to be bypassed.

Hazard Level

High

Vulnerability Type

Data forgery

Affected Vendor

GNU

Published

2025-12-27

Last Modified

2026-02-24

References

  • https://news.ycombinator.com/item?id=46404339
  • https://gpg.fail/formfeed
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68972
