CVE-2026-24882

High CVSS: 8.4

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

Vendor

Product

CWE

Yayın Tarihi

2026-01-27 19:16:16

Güncelleme

2026-02-06 17:50:53

Source Identifier

cve@mitre.org

KEV Date Added

CWE-121 Gnupg HIGH Gnupg 2026

https://dev.gnupg.org/T8045 https://www.openwall.com/lists/oss-security/2026/01/27/8

High

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause…

Low

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to…

High

CVE-2025-68973

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leadin…

Medium

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified…

Low

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid bac…