CVE Details
| CVE ID |
Severity |
Affected Package |
Installed Version |
Fixed Version |
Date Published |
Date of Scan |
| CVE-2025-68973 |
HIGH |
gnupg2 |
2.0.22-5.amzn2.0.5 |
2.0.22-5.amzn2.0.6 |
2025-12-28T17:16:01.5Z |
2026-01-23T10:18:23.308592219Z |
Affected Docker Images
| Image Name |
SHA |
public.ecr.aws/lambda/provided:al2 |
public.ecr.aws/lambda/provided@sha256:91999d3f57c058711ba8fd17b0eb25df4309d7df31856d2597e6c065e9d2e87a |
public.ecr.aws/lambda/python:3.11 |
public.ecr.aws/lambda/python@sha256:e3ff92d11a35ba659794b89e612a73e17bb009b6075757314cf931b378b90a8a |
public.ecr.aws/lambda/python:3.10 |
public.ecr.aws/lambda/python@sha256:f3ec524265e82a868ae32afd8c3edf2dd3f442ea5470640b0e68c5cb2aadaea4 |
public.ecr.aws/lambda/java:17 |
public.ecr.aws/lambda/java@sha256:d15321d0393dd68c1849e935a72c9a0257c6e910bd4c17bf74e67cab16ab7904 |
public.ecr.aws/lambda/java:11 |
public.ecr.aws/lambda/java@sha256:07a9febee8af8bda06d4e7160ea922dfc04b712941643ccd460f5a4a31cf0573 |
public.ecr.aws/lambda/java:8.al2 |
public.ecr.aws/lambda/java@sha256:efae07fcc5e8d6256d84fba688337c5e8a8fc8cc746a362eb41d7d779b438b9d |
public.ecr.aws/lambda/ruby:3.2 |
public.ecr.aws/lambda/ruby@sha256:4345f89655eba8ada7a695961140ae99d9dfeba48038bdaaa2bef1b110cdf90a |
Description
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Remediation Steps
- Update the affected package
gnupg2 from version 2.0.22-5.amzn2.0.5 to 2.0.22-5.amzn2.0.6.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.
