Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20251228043644.GA915@openwall.com>
Date: Sun, 28 Dec 2025 05:36:44 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: contact@....fail
Subject: Re: Many vulnerabilities in GnuPG

On Sun, Dec 28, 2025 at 05:27:44AM +0100, Solar Designer wrote:
> >     1. Multiple Plaintext Attack on Detached PGP Signatures in GnuPG
> >     2. GnuPG Accepts Path Separators and Path Traversals in Literal Data
> >        "Filename" Field
> >     3. Cleartext Signature Plaintext Truncated for Hash Calculation
> >     4. Encrypted message malleability checks are incorrectly enforced causing
> >        plaintext recovery attacks
> >     5. Memory Corruption in ASCII-Armor Parsing
> >     6. Trusted comment injection (minisign)
> >     7. Cleartext Signature Forgery in the NotDashEscaped header
> >        implementation in GnuPG
> >     8. OpenPGP Cleartext Signature Framework Susceptible to Format Confusion
> >     9. GnuPG Output Fails To Distinguish Signature Verification Success From
> >        Message Content
> >    10. Cleartext Signature Forgery in GnuPG
> >    11. Radix64 Line-Truncation Enabling Polyglot Attacks
> >    12. GnuPG may downgrade digest algorithm to SHA1 during key signature
> >        checking
> >    13. GnuPG Trust Packet Parsing Enables Adding Arbitrary Subkeys
> >    14. Trusted comment Injection (minisign)
> 
> Each of the above 14 vulnerabilities has its own web page.  I attach 14
> text (converted with ELinks at width 80) and 14 HTML files corresponding
> to them.

Oh, the HTMLs got stripped by the MIME type filter.  Let me try again
with the filter temporarily disabled.  I am actually unsure we should
have them in here (not just the text versions), but since I announced...

Alexander

View attachment "01-detached.html" of type "text/html" (66943 bytes)

View attachment "02-filename.html" of type "text/html" (114207 bytes)

View attachment "03-formfeed.html" of type "text/html" (20745 bytes)

View attachment "04-malleability.html" of type "text/html" (61539 bytes)

View attachment "05-memcpy.html" of type "text/html" (45226 bytes)

View attachment "06-minisign.html" of type "text/html" (12984 bytes)

View attachment "07-notdash.html" of type "text/html" (14110 bytes)

View attachment "08-notsoclear.html" of type "text/html" (36947 bytes)

View attachment "09-noverify.html" of type "text/html" (39668 bytes)

View attachment "10-nullbyte.html" of type "text/html" (26185 bytes)

View attachment "11-polyglot.html" of type "text/html" (36593 bytes)

View attachment "12-sha1.html" of type "text/html" (18741 bytes)

View attachment "13-trust.html" of type "text/html" (66885 bytes)

View attachment "14-trustcomment.html" of type "text/html" (8531 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.