CVE-2026-24883

Low CVSS: 3.7

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

Vendor

Gnupg

Product

Gnupg

CWE

CWE-476

Yayın Tarihi

2026-01-27 19:16:16

Güncelleme

2026-02-06 18:06:07

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-476 Gnupg LOW Gnupg 2026

Referanslar

https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8

Benzer Kayıtlar

High

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause…

High

CVE-2026-24882

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for…

High

CVE-2025-68973

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leadin…

Medium

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified…

Low

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid bac…