
    73 vulnerabilities found for gnupg by gnupg

    CVE-2026-57062 (GCVE-0-2026-57062)

    Vulnerability from nvd – Published: 2026-06-23 17:26 – Updated: 2026-06-23 17:35
    Summary
    CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM: aes-ICVlen (the length of the GCM authentication tag) is supposed to be 12 bytes, but a 4-byte value is accepted, which shortens the integrity check applied to the ciphertext. NOTE: this is related to CVE-2026-34182.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , ≤ 2.5.20 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:35:24.722258Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:35:30.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.5.20",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T17:26:25.133Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://blog.calif.io/p/how-to-format-a-ciphertext"
            },
            {
              "url": "https://www.gnupg.org/download/"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-57062",
        "datePublished": "2026-06-23T17:26:25.133Z",
        "dateReserved": "2026-06-23T17:26:24.801Z",
        "dateUpdated": "2026-06-23T17:35:30.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24883 (GCVE-0-2026-24883)

    Vulnerability from nvd – Published: 2026-01-27 18:43 – Updated: 2026-01-28 15:52
    Summary
    In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 2.5.3 , < 2.5.17 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:02:25.525861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:02:38.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.17",
                  "status": "affected",
                  "version": "2.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.17",
                      "versionStartIncluding": "2.5.3",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig-\u003edata[] set to a NULL value, leading to a denial of service (application crash)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T15:52:11.076Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
            },
            {
              "url": "https://dev.gnupg.org/T8049"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-24883",
        "datePublished": "2026-01-27T18:43:18.883Z",
        "dateReserved": "2026-01-27T18:43:18.620Z",
        "dateUpdated": "2026-01-28T15:52:11.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24882 (GCVE-0-2026-24882)

    Vulnerability from nvd – Published: 2026-01-27 18:40 – Updated: 2026-06-30 12:06
    Summary
    In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24882",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:07:25.362188Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:07:38.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-27T18:40:18.166Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:35.713Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-24882"
              },
              {
                "name": "RHBZ#2433464",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433464"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24882.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2753"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2719"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:2753: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:2719: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-27T19:00:57.683Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-27T18:40:18.166Z",
                "value": "Made public."
              }
            ],
            "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.17",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T15:45:56.231Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
            },
            {
              "url": "https://dev.gnupg.org/T8045"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-24882",
        "datePublished": "2026-01-27T18:40:18.166Z",
        "dateReserved": "2026-01-27T18:40:17.903Z",
        "dateUpdated": "2026-06-30T12:06:35.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24881 (GCVE-0-2026-24881)

    Vulnerability from nvd – Published: 2026-01-27 18:36 – Updated: 2026-06-30 12:06
    Summary
    In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24881",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:08:45.733664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:08:54.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-27T18:36:56.727Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:35.993Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-24881"
              },
              {
                "name": "RHBZ#2433480",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433480"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24881.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-27T19:02:29.973Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-27T18:36:56.727Z",
                "value": "Made public."
              }
            ],
            "title": "GnuPG: GnuPG: Remote code execution and denial of service via crafted CMS EnvelopedData message",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.17",
                  "status": "affected",
                  "version": "2.5.13",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.17",
                      "versionStartIncluding": "2.5.13",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T18:52:54.994Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
            },
            {
              "url": "https://dev.gnupg.org/T8044"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-24881",
        "datePublished": "2026-01-27T18:36:56.727Z",
        "dateReserved": "2026-01-27T18:36:56.490Z",
        "dateUpdated": "2026-06-30T12:06:35.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68973 (GCVE-0-2025-68973)

    Vulnerability from nvd – Published: 2025-12-28 16:19 – Updated: 2026-04-30 03:55
    Summary
    In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-675 - Multiple Operations on Resource in Single-Operation Context
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , < 2.2.51 (semver)
    Affected: 2.3.0 , < 2.4.9 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68973",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T03:55:53.604Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gpg.fail/memcpy"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-01-14T19:04:33.329Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/12/29/11"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.2.51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.4.9",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.51",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.4.9",
                      "versionStartIncluding": "2.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-675",
                  "description": "CWE-675 Multiple Operations on Resource in Single-Operation Context",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T20:43:57.832Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gpg.fail/memcpy"
            },
            {
              "url": "https://news.ycombinator.com/item?id=46403200"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
            },
            {
              "url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
            },
            {
              "url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
            },
            {
              "url": "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51"
            },
            {
              "url": "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-68973",
        "datePublished": "2025-12-28T16:19:11.019Z",
        "dateReserved": "2025-12-28T16:19:10.762Z",
        "dateUpdated": "2026-04-30T03:55:53.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68972 (GCVE-0-2025-68972)

    Vulnerability from nvd – Published: 2025-12-27 22:52 – Updated: 2026-01-02 20:44
    Summary
    In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , ≤ 2.4.8 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68972",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:42:56.411653Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:51:02.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gpg.fail/formfeed"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.4.8",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T20:44:27.393Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gpg.fail/formfeed"
            },
            {
              "url": "https://news.ycombinator.com/item?id=46404339"
            },
            {
              "url": "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-68972",
        "datePublished": "2025-12-27T22:52:30.957Z",
        "dateReserved": "2025-12-27T22:52:30.688Z",
        "dateUpdated": "2026-01-02T20:44:27.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30258 (GCVE-0-2025-30258)

    Vulnerability from nvd – Published: 2025-03-19 00:00 – Updated: 2025-03-19 20:49
    Summary
    In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , < 2.5.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-19T20:49:18.249360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-19T20:49:22.417Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.5",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\""
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-19T19:25:20.407Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html"
            },
            {
              "url": "https://dev.gnupg.org/T7527"
            },
            {
              "url": "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-30258",
        "datePublished": "2025-03-19T00:00:00.000Z",
        "dateReserved": "2025-03-19T00:00:00.000Z",
        "dateUpdated": "2025-03-19T20:49:22.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3219 (GCVE-0-2022-3219)

    Vulnerability from nvd – Published: 2023-02-23 00:00 – Updated: 2025-03-12 20:45
    Summary
    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • denial of service
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a gnupg Affected: gnupg2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/D556"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2022-3219"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T5993"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230324-0001/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3219",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T20:45:10.437460Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T20:45:46.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gnupg",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "gnupg2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-24T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://dev.gnupg.org/D556"
            },
            {
              "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2022-3219"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010"
            },
            {
              "url": "https://dev.gnupg.org/T5993"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230324-0001/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3219",
        "datePublished": "2023-02-23T00:00:00.000Z",
        "dateReserved": "2022-09-15T00:00:00.000Z",
        "dateUpdated": "2025-03-12T20:45:46.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3515 (GCVE-0-2022-3515)

    Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 15:48
    Summary
    A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    n/a libksba Affected: Fixed in libksba v1.6.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:02.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2022-3515"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230706-0008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3515",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T15:48:11.884238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T15:48:31.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libksba",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in libksba v1.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 - Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-06T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610"
            },
            {
              "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"
            },
            {
              "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2022-3515"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230706-0008/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3515",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-10-14T00:00:00.000Z",
        "dateUpdated": "2025-04-08T15:48:31.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34903 (GCVE-0-2022-34903)

    Vulnerability from nvd – Published: 2022-07-01 21:05 – Updated: 2024-08-03 09:22
    Summary
    GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/1014157"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T6027"
              },
              {
                "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1"
              },
              {
                "name": "DSA-5174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5174"
              },
              {
                "name": "FEDORA-2022-aa14d396dd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/"
              },
              {
                "name": "FEDORA-2022-1124e5882d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/"
              },
              {
                "name": "FEDORA-2022-0dbfb7e270",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/"
              },
              {
                "name": "FEDORA-2022-1747eea46c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220826-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-26T14:06:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/1014157"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dev.gnupg.org/T6027"
            },
            {
              "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1"
            },
            {
              "name": "DSA-5174",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5174"
            },
            {
              "name": "FEDORA-2022-aa14d396dd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/"
            },
            {
              "name": "FEDORA-2022-1124e5882d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/"
            },
            {
              "name": "FEDORA-2022-0dbfb7e270",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/"
            },
            {
              "name": "FEDORA-2022-1747eea46c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220826-0005/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-34903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2022/06/30/1",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1"
                },
                {
                  "name": "https://bugs.debian.org/1014157",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/1014157"
                },
                {
                  "name": "https://dev.gnupg.org/T6027",
                  "refsource": "MISC",
                  "url": "https://dev.gnupg.org/T6027"
                },
                {
                  "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1"
                },
                {
                  "name": "DSA-5174",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5174"
                },
                {
                  "name": "FEDORA-2022-aa14d396dd",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/"
                },
                {
                  "name": "FEDORA-2022-1124e5882d",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/"
                },
                {
                  "name": "FEDORA-2022-0dbfb7e270",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/"
                },
                {
                  "name": "FEDORA-2022-1747eea46c",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220826-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220826-0005/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-34903",
        "datePublished": "2022-07-01T21:05:18.000Z",
        "dateReserved": "2022-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:22:10.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25125 (GCVE-0-2020-25125)

    Vulnerability from nvd – Published: 2020-09-03 17:48 – Updated: 2024-08-04 15:26
    Summary
    GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:09.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T5050"
              },
              {
                "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4"
              },
              {
                "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker\u0027s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T20:06:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dev.gnupg.org/T5050"
            },
            {
              "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4"
            },
            {
              "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-25125",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker\u0027s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
                  "refsource": "MISC",
                  "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034"
                },
                {
                  "name": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
                  "refsource": "MISC",
                  "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html"
                },
                {
                  "name": "https://dev.gnupg.org/T5050",
                  "refsource": "MISC",
                  "url": "https://dev.gnupg.org/T5050"
                },
                {
                  "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4"
                },
                {
                  "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-25125",
        "datePublished": "2020-09-03T17:48:07.000Z",
        "dateReserved": "2020-09-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:26:09.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-14855 (GCVE-0-2019-14855)

    Vulnerability from nvd – Published: 2020-03-20 00:00 – Updated: 2024-08-05 00:26
    Summary
    A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat gnupg2 Affected: 2.2.18

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:26:39.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-4516-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4516-1/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T4755"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gnupg2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-07T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-4516-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4516-1/"
            },
            {
              "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855"
            },
            {
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html"
            },
            {
              "url": "https://dev.gnupg.org/T4755"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-14855",
        "datePublished": "2020-03-20T00:00:00.000Z",
        "dateReserved": "2019-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:26:39.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0837 (GCVE-0-2015-0837)

    Vulnerability from nvd – Published: 2019-11-29 21:10 – Updated: 2024-08-06 04:26
    Summary
    The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    GNU GnuPG Affected: before 1.4.19
    Date Public
    2012-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/7163050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:10:03.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/7163050"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-0837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/7163050",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/7163050"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0837",
        "datePublished": "2019-11-29T21:10:03.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3591 (GCVE-0-2014-3591)

    Vulnerability from nvd – Published: 2019-11-29 21:02 – Updated: 2024-08-06 10:50
    Summary
    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    GNU GnuPG Affected: before 1.4.19
    Date Public
    2012-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:02:23.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3591",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cs.tau.ac.il/~tromer/radioexp/",
                  "refsource": "MISC",
                  "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3591",
        "datePublished": "2019-11-29T21:02:23.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2207 (GCVE-0-2011-2207)

    Vulnerability from nvd – Published: 2019-11-27 18:06 – Updated: 2024-08-06 22:53
    Summary
    dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • Improper dealing with blocking system calls, when verifying a certificate
    Assigner
    Impacted products
    Vendor Product Version
    dirmngr dirmngr Affected: 1.1.0
    Affected: fixed in 2.1.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:53:17.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-2207"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-2207"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377"
              },
              {
                "name": "[oss-security] 20110615 Re: CVE Request / Discussion -- dirmngr -- Improper  dealing with blocking system calls, when verifying a certificate",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2011/06/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dirmngr",
              "vendor": "dirmngr",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "fixed in 2.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper dealing with blocking system calls, when verifying a certificate",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-27T18:06:44.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-2207"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-2207"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377"
            },
            {
              "name": "[oss-security] 20110615 Re: CVE Request / Discussion -- dirmngr -- Improper  dealing with blocking system calls, when verifying a certificate",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2011/06/15/6"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2207",
        "datePublished": "2019-11-27T18:06:44.000Z",
        "dateReserved": "2011-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:53:17.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-57062 (GCVE-0-2026-57062)

    Vulnerability from cvelistv5 – Published: 2026-06-23 17:26 – Updated: 2026-06-23 17:35
    Summary
    CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , ≤ 2.5.20 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:35:24.722258Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:35:30.113Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.5.20",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T17:26:25.133Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://blog.calif.io/p/how-to-format-a-ciphertext"
            },
            {
              "url": "https://www.gnupg.org/download/"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-57062",
        "datePublished": "2026-06-23T17:26:25.133Z",
        "dateReserved": "2026-06-23T17:26:24.801Z",
        "dateUpdated": "2026-06-23T17:35:30.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24883 (GCVE-0-2026-24883)

    Vulnerability from cvelistv5 – Published: 2026-01-27 18:43 – Updated: 2026-01-28 15:52
    Summary
    In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 2.5.3 , < 2.5.17 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:02:25.525861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:02:38.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.17",
                  "status": "affected",
                  "version": "2.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.17",
                      "versionStartIncluding": "2.5.3",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig-\u003edata[] set to a NULL value, leading to a denial of service (application crash)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T15:52:11.076Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
            },
            {
              "url": "https://dev.gnupg.org/T8049"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-24883",
        "datePublished": "2026-01-27T18:43:18.883Z",
        "dateReserved": "2026-01-27T18:43:18.620Z",
        "dateUpdated": "2026-01-28T15:52:11.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24882 (GCVE-0-2026-24882)

    Vulnerability from cvelistv5 – Published: 2026-01-27 18:40 – Updated: 2026-06-30 12:06
    Summary
    In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24882",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:07:25.362188Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:07:38.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-27T18:40:18.166Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:35.713Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-24882"
              },
              {
                "name": "RHBZ#2433464",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433464"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24882.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2753"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2719"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:2753: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:2719: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-27T19:00:57.683Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-27T18:40:18.166Z",
                "value": "Made public."
              }
            ],
            "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.17",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T15:45:56.231Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
            },
            {
              "url": "https://dev.gnupg.org/T8045"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-24882",
        "datePublished": "2026-01-27T18:40:18.166Z",
        "dateReserved": "2026-01-27T18:40:17.903Z",
        "dateUpdated": "2026-06-30T12:06:35.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24881 (GCVE-0-2026-24881)

    Vulnerability from cvelistv5 – Published: 2026-01-27 18:36 – Updated: 2026-06-30 12:06
    Summary
    In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24881",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T20:08:45.733664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T20:08:54.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-27T18:36:56.727Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component. Successful exploitation may lead to a denial of service and potentially remote code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:35.993Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-24881"
              },
              {
                "name": "RHBZ#2433480",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433480"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24881.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-27T19:02:29.973Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-27T18:36:56.727Z",
                "value": "Made public."
              }
            ],
            "title": "GnuPG: GnuPG: Remote code execution and denial of service via crafted CMS EnvelopedData message",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.17",
                  "status": "affected",
                  "version": "2.5.13",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.17",
                      "versionStartIncluding": "2.5.13",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T18:52:54.994Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
            },
            {
              "url": "https://dev.gnupg.org/T8044"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-24881",
        "datePublished": "2026-01-27T18:36:56.727Z",
        "dateReserved": "2026-01-27T18:36:56.490Z",
        "dateUpdated": "2026-06-30T12:06:35.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68973 (GCVE-0-2025-68973)

    Vulnerability from cvelistv5 – Published: 2025-12-28 16:19 – Updated: 2026-04-30 03:55
    Summary
    In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-675 - Multiple Operations on Resource in Single-Operation Context
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , < 2.2.51 (semver)
    Affected: 2.3.0 , < 2.4.9 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68973",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T03:55:53.604Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gpg.fail/memcpy"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-01-14T19:04:33.329Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/12/29/11"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.2.51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.4.9",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.51",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.4.9",
                      "versionStartIncluding": "2.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-675",
                  "description": "CWE-675 Multiple Operations on Resource in Single-Operation Context",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T20:43:57.832Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gpg.fail/memcpy"
            },
            {
              "url": "https://news.ycombinator.com/item?id=46403200"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2025/12/28/5"
            },
            {
              "url": "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"
            },
            {
              "url": "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"
            },
            {
              "url": "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51"
            },
            {
              "url": "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-68973",
        "datePublished": "2025-12-28T16:19:11.019Z",
        "dateReserved": "2025-12-28T16:19:10.762Z",
        "dateUpdated": "2026-04-30T03:55:53.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68972 (GCVE-0-2025-68972)

    Vulnerability from cvelistv5 – Published: 2025-12-27 22:52 – Updated: 2026-01-02 20:44
    Summary
    In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , ≤ 2.4.8 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68972",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T16:42:56.411653Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T16:51:02.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gpg.fail/formfeed"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.4.8",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-02T20:44:27.393Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gpg.fail/formfeed"
            },
            {
              "url": "https://news.ycombinator.com/item?id=46404339"
            },
            {
              "url": "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-68972",
        "datePublished": "2025-12-27T22:52:30.957Z",
        "dateReserved": "2025-12-27T22:52:30.688Z",
        "dateUpdated": "2026-01-02T20:44:27.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30258 (GCVE-0-2025-30258)

    Vulnerability from cvelistv5 – Published: 2025-03-19 00:00 – Updated: 2025-03-19 20:49
    Summary
    In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    GnuPG GnuPG Affected: 0 , < 2.5.5 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-19T20:49:18.249360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-19T20:49:22.417Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GnuPG",
              "vendor": "GnuPG",
              "versions": [
                {
                  "lessThan": "2.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.5.5",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\""
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-19T19:25:20.407Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html"
            },
            {
              "url": "https://dev.gnupg.org/T7527"
            },
            {
              "url": "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-30258",
        "datePublished": "2025-03-19T00:00:00.000Z",
        "dateReserved": "2025-03-19T00:00:00.000Z",
        "dateUpdated": "2025-03-19T20:49:22.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3219 (GCVE-0-2022-3219)

    Vulnerability from cvelistv5 – Published: 2023-02-23 00:00 – Updated: 2025-03-12 20:45
    Summary
    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • denial of service
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a gnupg Affected: gnupg2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/D556"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2022-3219"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T5993"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230324-0001/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3219",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T20:45:10.437460Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T20:45:46.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gnupg",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "gnupg2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-24T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://dev.gnupg.org/D556"
            },
            {
              "url": "https://marc.info/?l=oss-security\u0026m=165696590211434\u0026w=4"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2022-3219"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010"
            },
            {
              "url": "https://dev.gnupg.org/T5993"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230324-0001/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3219",
        "datePublished": "2023-02-23T00:00:00.000Z",
        "dateReserved": "2022-09-15T00:00:00.000Z",
        "dateUpdated": "2025-03-12T20:45:46.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3515 (GCVE-0-2022-3515)

    Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 15:48
    Summary
    A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    n/a libksba Affected: Fixed in libksba v1.6.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:02.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2022-3515"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230706-0008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3515",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T15:48:11.884238Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T15:48:31.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libksba",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in libksba v1.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 - Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-06T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610"
            },
            {
              "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"
            },
            {
              "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2022-3515"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230706-0008/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3515",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-10-14T00:00:00.000Z",
        "dateUpdated": "2025-04-08T15:48:31.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34903 (GCVE-0-2022-34903)

    Vulnerability from cvelistv5 – Published: 2022-07-01 21:05 – Updated: 2024-08-03 09:22
    VLAI
    Summary
    GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/1014157"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T6027"
              },
              {
                "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1"
              },
              {
                "name": "DSA-5174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5174"
              },
              {
                "name": "FEDORA-2022-aa14d396dd",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/"
              },
              {
                "name": "FEDORA-2022-1124e5882d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/"
              },
              {
                "name": "FEDORA-2022-0dbfb7e270",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/"
              },
              {
                "name": "FEDORA-2022-1747eea46c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220826-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-26T14:06:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/1014157"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dev.gnupg.org/T6027"
            },
            {
              "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1"
            },
            {
              "name": "DSA-5174",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5174"
            },
            {
              "name": "FEDORA-2022-aa14d396dd",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/"
            },
            {
              "name": "FEDORA-2022-1124e5882d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/"
            },
            {
              "name": "FEDORA-2022-0dbfb7e270",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/"
            },
            {
              "name": "FEDORA-2022-1747eea46c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220826-0005/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-34903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2022/06/30/1",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2022/06/30/1"
                },
                {
                  "name": "https://bugs.debian.org/1014157",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/1014157"
                },
                {
                  "name": "https://dev.gnupg.org/T6027",
                  "refsource": "MISC",
                  "url": "https://dev.gnupg.org/T6027"
                },
                {
                  "name": "[oss-security] 20220702 Re: GnuPG signature spoofing via status line injection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/07/02/1"
                },
                {
                  "name": "DSA-5174",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5174"
                },
                {
                  "name": "FEDORA-2022-aa14d396dd",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/"
                },
                {
                  "name": "FEDORA-2022-1124e5882d",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/"
                },
                {
                  "name": "FEDORA-2022-0dbfb7e270",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/"
                },
                {
                  "name": "FEDORA-2022-1747eea46c",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220826-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220826-0005/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-34903",
        "datePublished": "2022-07-01T21:05:18.000Z",
        "dateReserved": "2022-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:22:10.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25125 (GCVE-0-2020-25125)

    Vulnerability from cvelistv5 – Published: 2020-09-03 17:48 – Updated: 2024-08-04 15:26
    Summary
    GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:09.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T5050"
              },
              {
                "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4"
              },
              {
                "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker\u0027s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T20:06:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://dev.gnupg.org/T5050"
            },
            {
              "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4"
            },
            {
              "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-25125",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker\u0027s OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034",
                  "refsource": "MISC",
                  "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1176034"
                },
                {
                  "name": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc",
                  "refsource": "MISC",
                  "url": "https://dev.gnupg.org/rG8ec9573e57866dda5efb4677d4454161517484bc"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html"
                },
                {
                  "name": "https://dev.gnupg.org/T5050",
                  "refsource": "MISC",
                  "url": "https://dev.gnupg.org/T5050"
                },
                {
                  "name": "[oss-security] 20200903 GNUPG released with AEAD sec fix CVE-2020-25125",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/09/03/4"
                },
                {
                  "name": "[oss-security] 20200903 CVE-2020-25125: gnupg2: buffer overflow when importing a key with AEAD preferences",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/09/03/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-25125",
        "datePublished": "2020-09-03T17:48:07.000Z",
        "dateReserved": "2020-09-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:26:09.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-14855 (GCVE-0-2019-14855)

    Vulnerability from cvelistv5 – Published: 2020-03-20 00:00 – Updated: 2024-08-05 00:26
    VLAI
    Summary
    A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat gnupg2 Affected: 2.2.18

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:26:39.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-4516-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4516-1/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dev.gnupg.org/T4755"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gnupg2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-07T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-4516-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4516-1/"
            },
            {
              "url": "https://rwc.iacr.org/2020/slides/Leurent.pdf"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855"
            },
            {
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html"
            },
            {
              "url": "https://dev.gnupg.org/T4755"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-14855",
        "datePublished": "2020-03-20T00:00:00.000Z",
        "dateReserved": "2019-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:26:39.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0837 (GCVE-0-2015-0837)

    Vulnerability from cvelistv5 – Published: 2019-11-29 21:10 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    GNU GnuPG Affected: before 1.4.19
    Date Public
    2012-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/7163050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:10:03.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/7163050"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-0837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/7163050",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/7163050"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0837",
        "datePublished": "2019-11-29T21:10:03.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3591 (GCVE-0-2014-3591)

    Vulnerability from cvelistv5 – Published: 2019-11-29 21:02 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    GNU GnuPG Affected: before 1.4.19
    Date Public
    2012-05-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:02:23.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3591",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cs.tau.ac.il/~tromer/radioexp/",
                  "refsource": "MISC",
                  "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3591",
        "datePublished": "2019-11-29T21:02:23.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    GCVE-1-2026-0001

    Vulnerability from gna-1 – Published: 2026-01-02 10:20 – Updated: 2026-01-02 13:31
    VLAI
    Title
    Bundle reference to gpg.fail
    Summary
    Reference to the gpg.fail advisories:
    1. Multiple Plaintext Attack on Detached PGP Signatures in GnuPG - https://gpg.fail/detached
    2. GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field - https://gpg.fail/filename
    3. Cleartext Signature Plaintext Truncated for Hash Calculation - https://gpg.fail/formfeed
    4. Encrypted message malleability checks are incorrectly enforced, causing plaintext recovery attacks - https://gpg.fail/malleability
    5. Memory Corruption in ASCII-Armor Parsing - https://gpg.fail/memcpy
    6. Trusted comment injection (minisign) - https://gpg.fail/minisign
    7. Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG - https://gpg.fail/notdash
    8. OpenPGP Cleartext Signature Framework Susceptible to Format Confusion - https://gpg.fail/notsoclear
    9. GnuPG Output Fails To Distinguish Signature Verification Success From Message Content - https://gpg.fail/noverify
    10. Cleartext Signature Forgery in GnuPG - https://gpg.fail/nullbyte
    11. Radix64 Line-Truncation Enabling Polyglot Attacks - https://gpg.fail/polyglot
    12. GnuPG may downgrade digest algorithm to SHA1 during key signature checking - https://gpg.fail/sha1
    13. GnuPG Trust Packet Parsing Enables Adding Arbitrary Subkeys - https://gpg.fail/trust
    14. Trusted comment injection (minisign) - https://gpg.fail/trustcomment
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    gnupg gnupg Affected:
    Relationships

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gnupg",
              "vendor": "gnupg",
              "versions": [
                {
                  "status": "affected"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eReference to the\u0026nbsp;gpg.fail\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e1.\u0026nbsp; Multiple Plaintext Attack on Detached PGP Signatures in GnuPG -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/detached\"\u003ehttps://gpg.fail/detached\u003c/a\u003e\u003cbr\u003e2.\u0026nbsp; GnuPG Accepts Path Separators and Path Traversals in Literal Data \"Filename\" Field -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/filename\"\u003ehttps://gpg.fail/filename\u003c/a\u003e\u003cbr\u003e3.\u0026nbsp; Cleartext Signature Plaintext Truncated for Hash Calculation -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/formfeed\"\u003ehttps://gpg.fail/formfeed\u003c/a\u003e\u003cbr\u003e4.\u0026nbsp; Encrypted message malleability checks are incorrectly enforced causing plaintext recovery attacks -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/malleability\"\u003ehttps://gpg.fail/malleability\u003c/a\u003e\u003cbr\u003e5.\u0026nbsp; Memory Corruption in ASCII-Armor Parsing -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/memcpy\"\u003ehttps://gpg.fail/memcpy\u003c/a\u003e\u003cbr\u003e6.\u0026nbsp; Trusted comment injection (minisign) -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/minisign\"\u003ehttps://gpg.fail/minisign\u003c/a\u003e\u003cbr\u003e7.\u0026nbsp; Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/notdash\"\u003ehttps://gpg.fail/notdash\u003c/a\u003e\u003cbr\u003e8.\u0026nbsp; OpenPGP Cleartext Signature Framework Susceptible to Format Confusion -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/notsoclear\"\u003ehttps://gpg.fail/notsoclear\u003c/a\u003e\u003cbr\u003e9.\u0026nbsp; GnuPG Output Fails To Distinguish Signature Verification Success From Message Content -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/noverify\"\u003ehttps://gpg.fail/noverify\u003c/a\u003e\u003cbr\u003e10.\u0026nbsp; Cleartext Signature Forgery in GnuPG -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/nullbyte\"\u003ehttps://gpg.fail/nullbyte\u003c/a\u003e\u003cbr\u003e11.\u0026nbsp; Radix64 Line-Truncation Enabling Polyglot Attacks -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/polyglot\"\u003ehttps://gpg.fail/polyglot\u003c/a\u003e\u003cbr\u003e12.\u0026nbsp; GnuPG may downgrade digest algorithm to SHA1 during key signature checking -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/sha1\"\u003ehttps://gpg.fail/sha1\u003c/a\u003e\u003cbr\u003e13.\u0026nbsp; GnuPG Trust Packet Parsing Enables Adding Arbitrary Subkeys -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/trust\"\u003ehttps://gpg.fail/trust\u003c/a\u003e\u003cbr\u003e14.\u0026nbsp; Trusted comment Injection (minisign) - \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gpg.fail/trustcomment\"\u003ehttps://gpg.fail/trustcomment\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Reference to the\u00a0gpg.fail\n\n\n\n\n1.\u00a0 Multiple Plaintext Attack on Detached PGP Signatures in GnuPG -\u00a0 https://gpg.fail/detached \n2.\u00a0 GnuPG Accepts Path Separators and Path Traversals in Literal Data \"Filename\" Field -\u00a0 https://gpg.fail/filename \n3.\u00a0 Cleartext Signature Plaintext Truncated for Hash Calculation -\u00a0 https://gpg.fail/formfeed \n4.\u00a0 Encrypted message malleability checks are incorrectly enforced causing plaintext recovery attacks -\u00a0 https://gpg.fail/malleability \n5.\u00a0 Memory Corruption in ASCII-Armor Parsing -\u00a0 https://gpg.fail/memcpy \n6.\u00a0 Trusted comment injection (minisign) -\u00a0 https://gpg.fail/minisign \n7.\u00a0 Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG -\u00a0 https://gpg.fail/notdash \n8.\u00a0 OpenPGP Cleartext Signature Framework Susceptible to Format Confusion -\u00a0 https://gpg.fail/notsoclear \n9.\u00a0 GnuPG Output Fails To Distinguish Signature Verification Success From Message Content -\u00a0 https://gpg.fail/noverify \n10.\u00a0 Cleartext Signature Forgery in GnuPG -\u00a0 https://gpg.fail/nullbyte \n11.\u00a0 Radix64 Line-Truncation Enabling Polyglot Attacks -\u00a0 https://gpg.fail/polyglot \n12.\u00a0 GnuPG may downgrade digest algorithm to SHA1 during key signature checking -\u00a0 https://gpg.fail/sha1 \n13.\u00a0 GnuPG Trust Packet Parsing Enables Adding Arbitrary Subkeys -\u00a0 https://gpg.fail/trust \n14.\u00a0 Trusted comment Injection (minisign) -  https://gpg.fail/trustcomment"
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "orgId": "00000000-0000-4000-9000-000000000000"
          },
          "references": [
            {
              "url": "https://gpg.fail/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Bundle reference to gpg.fail",
          "x_gcve": [
            {
              "recordType": "advisory",
              "vulnId": "gcve-1-2026-0001"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "00000000-0000-4000-9000-000000000000",
        "datePublished": "2026-01-02T10:20:00.000Z",
        "dateUpdated": "2026-01-02T13:31:14.359346Z",
        "requesterUserId": "00000000-0000-4000-9000-000000000000",
        "serial": 1,
        "state": "PUBLISHED",
        "vulnId": "gcve-1-2026-0001",
        "vulnerabilitylookup_history": [
          [
            "alexandre.dulaunoy@circl.lu",
            "2026-01-02T10:20:24.357623Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2026-01-02T10:20:45.873825Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2026-01-02T13:28:12.107109Z"
          ],
          [
            "alexandre.dulaunoy@circl.lu",
            "2026-01-02T13:31:14.359346Z"
          ]
        ]
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }