Bug 2425966 (CVE-2025-68973) - CVE-2025-68973 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write
Summary: CVE-2025-68973 GnuPG: GnuPG: Information disclosure and potential arbitrary c...
Keywords:
Status: NEW
Alias: CVE-2025-68973
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-30 07:12 UTC by OSIDB Bzimport
Modified: 2026-01-20 17:40 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:0727 0 None None None 2026-01-15 20:31:52 UTC
Red Hat Product Errata RHBA-2026:0748 0 None None None 2026-01-19 01:30:55 UTC
Red Hat Product Errata RHBA-2026:0749 0 None None None 2026-01-19 01:08:33 UTC
Red Hat Product Errata RHBA-2026:0757 0 None None None 2026-01-19 01:29:20 UTC
Red Hat Product Errata RHBA-2026:0758 0 None None None 2026-01-19 01:25:42 UTC
Red Hat Product Errata RHBA-2026:0805 0 None None None 2026-01-19 12:23:27 UTC
Red Hat Product Errata RHBA-2026:0806 0 None None None 2026-01-19 12:27:10 UTC
Red Hat Product Errata RHBA-2026:0807 0 None None None 2026-01-19 12:21:54 UTC
Red Hat Product Errata RHBA-2026:0808 0 None None None 2026-01-19 12:21:17 UTC
Red Hat Product Errata RHBA-2026:0811 0 None None None 2026-01-19 13:58:37 UTC
Red Hat Product Errata RHBA-2026:0855 0 None None None 2026-01-20 14:10:29 UTC
Red Hat Product Errata RHBA-2026:0856 0 None None None 2026-01-20 17:40:48 UTC
Red Hat Product Errata RHBA-2026:0857 0 None None None 2026-01-20 17:40:07 UTC
Red Hat Product Errata RHBA-2026:0858 0 None None None 2026-01-20 17:11:15 UTC
Red Hat Product Errata RHSA-2026:0697 0 None None None 2026-01-15 11:21:26 UTC
Red Hat Product Errata RHSA-2026:0719 0 None None None 2026-01-15 17:02:34 UTC
Red Hat Product Errata RHSA-2026:0728 0 None None None 2026-01-15 21:24:17 UTC

Description OSIDB Bzimport 2025-12-30 07:12:00 UTC 
In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input.
Comment 1 Javier Hernández 2026-01-12 09:53:02 UTC 
Hey, are there any plans in fixing cve-2025-68973?
Comment 2 Javier Hernández 2026-01-12 09:58:25 UTC 
Oh, I see that the fix has been pushed to Fedora already [1]
I imagine that RHEL will get it anytime soon, right?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2425718
Comment 3 errata-xmlrpc 2026-01-15 11:21:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:0697 https://access.redhat.com/errata/RHSA-2026:0697
Comment 4 errata-xmlrpc 2026-01-15 17:02:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0719 https://access.redhat.com/errata/RHSA-2026:0719
Comment 5 errata-xmlrpc 2026-01-15 21:24:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0728 https://access.redhat.com/errata/RHSA-2026:0728
Note You need to log in before you can comment on or make changes to this bug.