Johannes Roth

**Name of the Vulnerable Software and Affected Versions** RNP version 0.18.0 **Description** A regression in RNP version 0.18.0 causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to remain uninitialized, resulting in it always being an all-zero byte array. This allows trivial decryption of data encrypted using public-key encryption by supplying an all-zero session key, fully compromising confidentiality. The issue affects only public key encryption (PKESK packets) and does not impact passphrase-based encryption (SKESK packets). The root cause is a vulnerable session key buffer used in PKESK packet generation, introduced by commit `7bd9a8dc356aae756b40755be76d36205b6b161a`, where initialization logic inside `encrypted build skesk()` only randomized the key for the SKESK path and omitted it for the PKESK path. **Recommendations** Update to a newer version of RNP that addresses this issue.