CVE-2025-67897

CVSS v3.1

5.3

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Sequoia versions prior to 2.1.0

Description A flaw exists in Sequoia that, when provided with a short ciphertext during the aes key unwrap process, causes a panic. An attacker can exploit this to cause an application crash by sending a specially crafted PKESK or SKESK packet containing an encrypted message.

Recommendations Update to Sequoia version 2.1.0 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-195

Related Identifiers

CVE-2025-67897

GHSA-V6X3-9R38-R27Q

RUSTSEC-2025-0136

Affected Products

Debian

Sequoia

CVE-2025-67897

Weakness Enumeration

Related Identifiers

Affected Products

References · 16