Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-30258

Опубликовано: 19 мар. 2025
Источник: debian
EPSS Низкий

Описание

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gnupg2fixed2.2.46-5package
gnupg2no-dsabookwormpackage
gnupg2postponedbullseyepackage

Примечания

  • https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

  • https://dev.gnupg.org/T7527

  • https://gitlab.com/freepg/gnupg/-/merge_requests/18

  • Fixed by: https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158

  • Follow-up (#1099141): https://dev.gnupg.org/T7547

  • Follow-up: https://dev.gnupg.org/rGd3d7713c1799754160260cb350309dd183b397f5

  • Double-free of internal data:

  • https://gitlab.com/freepg/gnupg/-/merge_requests/22

  • Follow-up: https://dev.gnupg.org/rG0666a8858fafefb6664c976eb94b73550a7e3da4

EPSS

Процентиль: 5%
0.00022
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-30258

CVSS3: 2.7
ubuntu
8 месяцев назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

redhat логотип

CVE-2025-30258

CVSS3: 2.7
redhat
8 месяцев назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

nvd логотип

CVE-2025-30258

CVSS3: 2.7
nvd
8 месяцев назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

msrc логотип

CVE-2025-30258

msrc
2 месяца назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

suse-cvrf логотип

SUSE-SU-2025:02259-1

suse-cvrf
4 месяца назад

Recommended update for gpg2

EPSS

Процентиль: 5%
0.00022
Низкий
Уязвимость CVE-2025-30258