Approved changes feed: RSS · Atom
cpe:2.3:a:gnupg:gnupg:*:*:*:*:-:*:*:*
part: a version: * update: *
| Vendor | Gnupg (cf567c2a-c134-5510-af9f-62e22a797e74) |
|---|---|
| Product | Gnupg (4cf32d1a-56d5-5ea8-b76d-a28fa2edc257) |
| Edition | * |
| Language | * |
| Software edition | - |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/gnupg |
purl2cpe | 2026-06-01 10:12:44.150335 |
pkg:deb/ubuntu/gnupg |
purl2cpe | 2026-06-01 10:12:44.150338 |
pkg:github/gpg/gnupg |
purl2cpe | 2026-06-01 10:12:44.150341 |
pkg:gnupg/gnupg |
purl2cpe | 2026-06-01 10:12:44.150344 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-24883 |
vulnerable | 2026-06-08 07:53:18.620699 |
Details available
LOW (3.7)
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
Published: 2026-01-27T18:43:18.883Z
Updated: 2026-01-28T15:52:11.076Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-24882 |
vulnerable | 2026-06-08 07:53:18.619857 |
Details available
HIGH (8.4)
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
Published: 2026-01-27T18:40:18.166Z
Updated: 2026-06-30T12:06:35.713Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-24881 |
vulnerable | 2026-06-08 07:53:18.618168 |
Details available
HIGH (8.1)
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.
Published: 2026-01-27T18:36:56.727Z
Updated: 2026-06-30T12:06:35.993Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68973 |
vulnerable | 2026-06-08 07:41:21.999950 |
Details available
HIGH (7.8)
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Published: 2025-12-28T16:19:11.019Z
Updated: 2026-04-30T03:55:53.604Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68972 |
vulnerable | 2026-06-08 07:41:21.999403 |
Details available
MEDIUM (5.9)
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
Published: 2025-12-27T22:52:30.957Z
Updated: 2026-01-02T20:44:27.393Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3515 |
vulnerable | 2026-06-08 05:48:21.328109 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.