CVE-2026-24881

High CVSS: 8.1

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.

Vendor

Gnupg

Product

Gnupg

CWE

CWE-121

Yayın Tarihi

2026-01-27 19:16:16

Güncelleme

2026-02-12 18:15:38

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-121 Gnupg HIGH Gnupg 2026

Referanslar

https://dev.gnupg.org/T8044 https://www.openwall.com/lists/oss-security/2026/01/27/8

Benzer Kayıtlar

High

CVE-2026-24882

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for…

Low

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to…

High

CVE-2025-68973

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leadin…

Medium

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified…

Low

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid bac…