oss-sec mailing list archives
Re: Many vulnerabilities in GnuPG
From: Sam James <sam () gentoo org>
Date: Tue, 30 Dec 2025 20:24:00 +0000
Demi Marie Obenour <demiobenour () gmail com> writes:
On 12/29/25 11:57, Lexi Groves (49016) wrote:
[...]
> Item 5: Memory Corruption in ASCII-Armor Parsing
>
> This is a serious memory-safety error in GPG.

Yes. We did not have the time to try to exploit it, but we agreed that there is potential for remote code execution. We think that it is irresponsible to not release the fix on the 2.4 branch, which is what most users in the wild use.

I totally agree. This is why I referred to this vulnerability as a zero-day.

(snip)

It's fixed in gnupg-2.4.9 for that branch, released today.
