Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-30258

Опубликовано: 19 мар. 2025
Источник: debian
EPSS Низкий

Описание

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gnupg2fixed2.2.46-5package
gnupg2no-dsabookwormpackage
gnupg2postponedbullseyepackage

Примечания

  • https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html

  • https://dev.gnupg.org/T7527

  • https://gitlab.com/freepg/gnupg/-/merge_requests/18

  • Fixed by: https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158

  • Follow-up (#1099141): https://dev.gnupg.org/T7547

  • Follow-up: https://dev.gnupg.org/rGd3d7713c1799754160260cb350309dd183b397f5

  • Double-free of internal data:

  • https://gitlab.com/freepg/gnupg/-/merge_requests/22

  • Follow-up: https://dev.gnupg.org/rG0666a8858fafefb6664c976eb94b73550a7e3da4

EPSS

Процентиль: 3%
0.00017
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-30258

CVSS3: 2.7
ubuntu
6 месяцев назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

redhat логотип

CVE-2025-30258

CVSS3: 2.7
redhat
6 месяцев назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

nvd логотип

CVE-2025-30258

CVSS3: 2.7
nvd
6 месяцев назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

suse-cvrf логотип

SUSE-SU-2025:02259-1

suse-cvrf
2 месяца назад

Recommended update for gpg2

github логотип

GHSA-5rjg-pf4q-hgcr

CVSS3: 2.7
github
6 месяцев назад

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

EPSS

Процентиль: 3%
0.00017
Низкий