CVE-2025-68973 Overview
CVE-2025-68973 is an out-of-bounds write vulnerability in GnuPG versions before 2.4.9. The flaw is in the armor_filter function in g10/armor.c, where the loop that copies already-buffered input into the caller's output buffer increments its index variable twice per iteration when a single increment is intended. Processing crafted ASCII-armored input therefore corrupts memory in the armor parser. The ExtendedLTS branch is fixed in 2.2.51 and later releases. The issue is tracked as CWE-787 (Out-of-bounds Write) and CWE-675 (Multiple Operations on Resource in Single-Statement Expression). Because gpg is routinely pointed at untrusted armored data (signature verification, key import, decryption of received mail), successful exploitation can affect the confidentiality, integrity, and availability of the host running it.
Critical Impact
A crafted OpenPGP armored message processed by a vulnerable GnuPG build corrupts memory inside armor_filter. The immediate effect is a crash of the parsing process; with control over the surrounding heap this can potentially be turned into code execution or process compromise with the privileges of the user running gpg (or gpgv, which uses the same armor parser).
Affected Products
- GnuPG versions prior to 2.4.9
- GnuPG ExtendedLTS versions prior to 2.2.51
- Linux distributions shipping affected GnuPG packages (e.g., Debian LTS). Distributions normally backport the fix without changing the upstream version string, so the fixed package version is the one named in the distribution's advisory, not 2.4.9 or 2.2.51.
Discovery Timeline
- 2025-12-28 - CVE-2025-68973 published to NVD
- 2025-12-29 - Openwall oss-security advisory update published
- 2026-01-14 - Last updated in NVD database
Technical Details for CVE-2025-68973
Vulnerability Analysis
The vulnerability is in the OpenPGP ASCII-armor parser. GnuPG uses armor_filter in g10/armor.c to turn armored input streams into binary OpenPGP packets, and one of its paths copies data the parser has already read ahead (afx->buffer) into the caller-supplied output buffer buf. The copy loop keeps an output index n and a source index afx->buffer_pos and runs while n < size and afx->buffer_pos < afx->buffer_len. Because both the for header and the body (buf[n++] = ...) increment n, the index advances by two per copied byte. Every other position of buf is skipped and keeps whatever it held before, so the decoded stream is desynchronized from the input; and because the bound n < size is only tested at even positions, the loop can exit with n == size + 1 when size is odd, so the byte count handed back to the caller overstates what buf holds. Code that trusts that count then operates past the end of buf; this is the out-of-bounds write recorded as CWE-787. The flaw was demonstrated publicly in the gpg.fail research and the 39C3 talk "To Sign or Not to Sign".
Root Cause
The root cause is a programming error matching CWE-675: one loop statement applies two side effects to the same index. The original code increments n in the loop header (n++) and again inside the body (buf[n++] = ...), so each successful copy advances n twice. The guard n < size is evaluated before each write, so the store inside the loop itself never exceeds buf[size-1]; the damage comes from the two consequences of the double step. First, the odd positions of buf are never written and carry stale bytes into the decoded packet stream. Second, when size is odd the loop terminates with n == size + 1, so the length reported to the caller exceeds the buffer and subsequent processing indexes past buf[size-1] into adjacent heap memory. The overshoot is reached only if afx->buffer_len is large enough to keep the loop running until the n < size test fails, that is, when the parser has buffered more than half of size bytes.
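The following C program is an added worked example, not GnuPG's code: the afx_stub struct, copy_result and run_copy are stand-ins introduced here for the three armor_filter_context_t fields the loop touches. It runs the vulnerable loop from the diff and the fixed loop side by side over a constructed 10-byte prefetch buffer and reports, for each, the count returned to the caller, how many source bytes were consumed, how many output slots below that count were never written, and by how much the count exceeds the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in (not GnuPG's type) for the fields of armor_filter_context_t
 * used by the copy loop: afx->buffer, afx->buffer_pos, afx->buffer_len. */
typedef struct {
    const uint8_t *buffer;
    size_t buffer_pos;
    size_t buffer_len;
} afx_stub;

typedef struct {
    size_t reported_len;   /* the n the loop hands back as "bytes now in buf" */
    size_t consumed;       /* afx->buffer_pos after the loop */
    size_t stale_slots;    /* positions below min(reported_len, size) never written */
    size_t overshoot;      /* reported_len - size when the count exceeds the buffer */
} copy_result;

#define SENTINEL 0xAA      /* fill byte; the constructed source never contains it */

/* The vulnerable loop as in GnuPG before commit 115d138b: n is advanced in
 * the for header and again inside the body. */
static size_t copy_vulnerable(afx_stub *afx, uint8_t *buf, size_t size)
{
    size_t n = 0;
    if (afx->buffer_len) {
        for (; n < size && afx->buffer_pos < afx->buffer_len; n++)
            buf[n++] = afx->buffer[afx->buffer_pos++];
        if (afx->buffer_pos >= afx->buffer_len)
            afx->buffer_len = 0;
    }
    return n;
}

/* The fixed loop: only the body advances n, once per byte copied. */
static size_t copy_fixed(afx_stub *afx, uint8_t *buf, size_t size)
{
    size_t n = 0;
    if (afx->buffer_len) {
        for (; n < size && afx->buffer_pos < afx->buffer_len;)
            buf[n++] = afx->buffer[afx->buffer_pos++];
        if (afx->buffer_pos >= afx->buffer_len)
            afx->buffer_len = 0;
    }
    return n;
}

/* Run one variant over a constructed 10-byte prefetch buffer into an output
 * buffer of SIZE bytes (capped at 32). The output array is oversized and
 * sentinel-filled so this demonstration never touches memory it does not
 * own; only the resulting counts are inspected. */
static copy_result run_copy(int fixed, size_t size)
{
    static const uint8_t prefetch[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
    uint8_t buf[64];
    afx_stub afx = { prefetch, 0, sizeof prefetch };
    copy_result r = {0, 0, 0, 0};
    size_t i, limit;

    if (size > 32)
        size = 32;
    memset(buf, SENTINEL, sizeof buf);
    r.reported_len = fixed ? copy_fixed(&afx, buf, size)
                           : copy_vulnerable(&afx, buf, size);
    r.consumed = afx.buffer_pos;
    limit = r.reported_len < size ? r.reported_len : size;
    for (i = 0; i < limit; i++)
        if (buf[i] == SENTINEL)
            r.stale_slots++;
    r.overshoot = r.reported_len > size ? r.reported_len - size : 0;
    return r;
}

int main(void)
{
    size_t sizes[] = {4, 5, 31};
    size_t k;
    for (k = 0; k < sizeof sizes / sizeof sizes[0]; k++) {
        copy_result v = run_copy(0, sizes[k]);
        copy_result f = run_copy(1, sizes[k]);
        printf("size=%zu vulnerable: reported=%zu consumed=%zu stale=%zu overshoot=%zu\n",
               sizes[k], v.reported_len, v.consumed, v.stale_slots, v.overshoot);
        printf("size=%zu fixed:      reported=%zu consumed=%zu stale=%zu overshoot=%zu\n",
               sizes[k], f.reported_len, f.consumed, f.stale_slots, f.overshoot);
    }
    return 0;
}
```

With an odd output size of 5 the vulnerable loop reports 6 bytes after consuming only 3, leaves slots 1 and 3 untouched, and overstates the buffer by one; with an even size of 4 there is no overshoot but half of the reported bytes are stale; with a 31-byte buffer that is larger than the prefetch, 10 source bytes end up spread over 20 reported positions. The fixed loop reports exactly the number of bytes it copied in every case.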
Attack Vector
An attacker supplies a crafted ASCII-armored OpenPGP file to a victim who decodes, verifies, or imports it with a vulnerable gpg binary. The attack vector is local because the malicious input must reach the GnuPG process, but delivery channels include email attachments, signed update artifacts, package signatures, and scripted pipelines. The complexity is high because the attacker must control the layout of the surrounding heap to achieve reliable exploitation.
// Patch from g10/armor.c — fix for the double-increment in armor_filter
n = 0;
if( afx->buffer_len ) {
/* Copy the data from AFX->BUFFER to BUF. */
- for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
- buf[n++] = afx->buffer[afx->buffer_pos++];
+ for(; n < size && afx->buffer_pos < afx->buffer_len;)
+ buf[n++] = afx->buffer[afx->buffer_pos++];
if( afx->buffer_pos >= afx->buffer_len )
afx->buffer_len = 0;
}
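Review bot: with the header `n++` removed, the `n < size` test now guards every store and the returned n equals the number of bytes copied, but the change should carry a regression test and a note on what the old loop did. Before this hunk the loop could exit with n == size + 1 (odd size) and leave every odd slot of buf untouched, so any caller that consumed the returned count against that buffer handled stale or out-of-range bytes; a test that feeds an afx->buffer longer than the output buffer, for both an odd and an even size, and checks that the reported length never exceeds size would pin the fixed behaviour. The `afx->buffer_len = 0` reset after the loop is unaffected and remains correct.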
// Source: https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
Detection Methods for CVE-2025-68973
Indicators of Compromise
- Unexpected crashes or SIGABRT/SIGSEGV signals from gpg, gpgv, or gpg2 processes when handling armored input.
- Presence of GnuPG builds older than 2.4.9 (or 2.2.51 on the ExtendedLTS branch) on production systems, or distribution packages older than the version named in the distribution's own advisory, since distributions backport the fix without changing the upstream version string.
- Receipt of OpenPGP .asc files with anomalously sized armor blocks or padding that triggers parser errors.
Detection Strategies
- Inventory installed GnuPG binaries (gpg, gpg2, gpgv) with gpg --version and gpgv --version and compare against the fixed releases 2.4.9 and 2.2.51; on distribution-packaged builds compare the package version against the distribution advisory instead, because a backported fix leaves the banner unchanged.
- Monitor automated signing and verification pipelines for non-zero exit codes or core dumps from gpg invocations.
- Inspect mail gateways and code-signing workflows for armored payloads originating from untrusted senders.
Monitoring Recommendations
- Enable core dump collection and ABRT-style crash reporting on hosts that decrypt or verify untrusted PGP content.
- Forward process telemetry for gpg invocations to a centralized analytics platform and alert on abnormal child-process termination.
- Track package management events for GnuPG upgrades to confirm fix deployment across the estate.
How to Mitigate CVE-2025-68973
Immediate Actions Required
- Upgrade GnuPG to 2.4.9 or later, or to 2.2.51 or later on ExtendedLTS systems.
- Apply distribution updates such as the Debian LTS Announcement for gnupg.
- Audit CI/CD and release-signing systems to confirm they run patched GnuPG before processing third-party armored input.
Patch Information
The upstream fix removes the increment from the for header so that n advances only inside the loop body, once per byte copied, and the length returned to the caller again equals the number of bytes written to buf. The patch is gpg/gnupg commit 115d138b and is included in the 2.2.51 release per the version comparison 2.2.50...2.2.51. Additional context is available in the Openwall oss-security update and the GPG Fail Analysis.
Workarounds
- Restrict GnuPG processing of armored input to trusted sources until patches are deployed.
- Run gpg under sandboxing (for example, bubblewrap, firejail, or systemd unit hardening) to limit the impact of memory corruption.
- Prefer binary OpenPGP input over ASCII-armored input in automated pipelines where feasible, since the flaw is in the armor parser path. Because gpg auto-detects armor on input, pass --no-armor as well (it tells gpg to treat input as binary and not to push the armor filter); otherwise an attacker can still supply an armored payload to a pipeline that expects binary.
# Verify the installed GnuPG version and upgrade on Debian-based systems.
# Distribution packages backport the fix under their own version number, so
# check the package changelog for the CVE rather than expecting 2.4.9 in the banner.
gpg --version | head -n 1
gpgv --version | head -n 1
dpkg-query -W -f='${Package} ${Version}\n' gnupg gnupg2 gpgv gpg 2>/dev/null
sudo apt-get update
sudo apt-get install --only-upgrade gnupg gnupg2 gpgv
apt-get changelog gnupg | grep -m1 CVE-2025-68973 || echo "CVE not in gnupg changelog; check the distribution advisory"
gpg --version | head -n 1
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.