vulnerability

Red Hat: CVE-2025-68973: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (Multiple Advisories)

Name: Red Hat: CVE-2025-68973: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (Multiple Advisories)
Creator: Red Hat
Published: 2025-12-28T00:00:00.000Z
Keywords: CVE, CWE-675, CWE-787, Red Hat, 2025, 68973, GnuPG, redhat-upgrade-gnupg2, redhat-upgrade-gnupg2-debuginfo, redhat-upgrade-gnupg2-debugsource, redhat-upgrade-gnupg2-smime, redhat-upgrade-gnupg2-smime-debuginfo, Severity 6

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:N)

Published

Dec 28, 2025

Added

Jan 16, 2026

Modified

Jun 12, 2026

Description

A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.

Solutions

redhat-upgrade-gnupg2redhat-upgrade-gnupg2-debuginforedhat-upgrade-gnupg2-debugsourceredhat-upgrade-gnupg2-smimeredhat-upgrade-gnupg2-smime-debuginfo

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report