RUSTSEC-2025-0136

Underflow in aes_key_unwrap function

Reported
Issued
Package: sequoia-openpgp (crates.io)
Type: Vulnerability
Categories
Aliases
References
CVSS Score: 4.3 MEDIUM
CVSS Details
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Patched
  • >=2.1.0
Affected Functions (Version)
  • sequoia_openpgp::crypto::ecdh::aes_key_unwrap: <2.1.0

Description

The aes_key_unwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value would be interpreted as a huge allocation. The allocator would then fail to allocate the memory and panic.

An attacker could trigger this panic by sending a victim an encrypted message whose PKESK or SKESK packet has been specially modified. When the victim decrypts the message, the program would crash.
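
The length arithmetic described above, shown as an added Rust example (not sequoia-openpgp's own code). It assumes RFC 3394 framing, where the unwrapped key is 8 bytes shorter than the ciphertext; all function and type names are hypothetical.

```rust
// Added illustration of the bug class; not sequoia-openpgp's source code.
// Assumption: RFC 3394 framing, where the wrapped key is the plaintext plus
// one 8-byte integrity block, so the output length is ciphertext_len - 8.
const BLOCK: usize = 8;

#[derive(Debug, PartialEq)]
enum UnwrapError {
    TooShort,
    NotBlockAligned,
}

/// What an unchecked `len - 8` yields in a release build (overflow checks
/// off): the subtraction wraps instead of panicking.
fn unchecked_plaintext_len(ciphertext_len: usize) -> usize {
    ciphertext_len.wrapping_sub(BLOCK)
}

/// Hardened form: reject malformed lengths before any arithmetic or allocation.
fn checked_plaintext_len(ciphertext_len: usize) -> Result<usize, UnwrapError> {
    if ciphertext_len % BLOCK != 0 {
        return Err(UnwrapError::NotBlockAligned);
    }
    // RFC 3394 needs at least two 8-byte key blocks plus the integrity block.
    if ciphertext_len < 3 * BLOCK {
        return Err(UnwrapError::TooShort);
    }
    Ok(ciphertext_len - BLOCK)
}

/// Fallible allocation: reports failure as an error instead of panicking.
fn can_allocate(len: usize) -> bool {
    let mut buf: Vec<u8> = Vec::new();
    buf.try_reserve_exact(len).is_ok()
}

fn main() {
    // Constructed sample lengths: empty, truncated, short, odd-sized, valid.
    for len in [0usize, 4, 16, 20, 24] {
        let wrapped = unchecked_plaintext_len(len);
        println!(
            "len={len:2} unchecked={wrapped:#x} allocatable={} checked={:?}",
            can_allocate(wrapped),
            checked_plaintext_len(len)
        );
    }
}
```

Validating the length before subtracting turns a malformed PKESK or SKESK payload into an ordinary error return on both debug and release builds.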

Advisory available under CC0-1.0 license.