Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-67897
CVE-2025-67897
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
Published Dec 15, 2025
https://bugs.debian.org/1122582
CVSS Score
Medium
5.3
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
rpm
rust-sequoia-openpgp
1.13.0-2.el9
rpm
rust-sequoia-openpgp
1.14.0-1.el9
rpm
rust-sequoia-openpgp
1.15.0-1.el9
rpm
rust-sequoia-openpgp
1.16.0-1.el9
rpm
rust-sequoia-openpgp
1.16.1-1.el9
rpm
rust-sequoia-openpgp
1.17.0-2.el9
rpm
rust-sequoia-openpgp
1.18.0-1.el9
rpm
rust-sequoia-openpgp
1.19.0-1.el9
rpm
rust-sequoia-openpgp
1.20.0-1.el9
rpm
rust-sequoia-openpgp
1.21.0-1.el9
rpm
rust-sequoia-openpgp
1.21.1-1.el9
rpm
rust-sequoia-openpgp
1.21.2-1.el9
rpm
rust-sequoia-openpgp
1.22.0-1.el9
rpm
rust-sequoia-openpgp
2.0.0-1.el9
rpm
rust-sequoia-openpgp
2.0.0-2.el9
rpm
rust-sequoia-openpgp
2.1.0-1.el9
rpm
rust-sequoia-openpgp
2.1.0-2.el9
rpm
rust-sequoia-openpgp
2.1.0-3.el10_2
1-18 of 18
CVE-2025-67897 | Components Impacted | Sonatype Guide | Sonatype Guide
