Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Libgcrypt vulnerabilities (USN-8319-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8319-1 advisory. It was discovered that Libgcrypt incorrectly handled crafted ECDH ciphertext. An attacker could possibly use this issue t...

USN-8319-1 libgcrypt20 vulnerabilities

It was discovered that Libgcrypt incorrectly handled crafted ECDH ciphertext. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. CVE-2026-41989 It was discovered that Libgcrypt incorrectly handled Dilithium signing. An attacker could possibly...

libssh: Memory Exhaustion via Repeated Key Exchange in libssh

A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when...

Amazon Linux 2023 : libgcrypt, libgcrypt-devel (ALAS2023-2026-1705)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1705 advisory. Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989 Tenable has extracted the preceding description...

OESA-2026-2348 libgcrypt security update

Libgcrypt is a general purpose cryptographic library originally based on code from GnuPG. Security Fixes: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt.CVE-2026-41989...

OESA-2026-2347 libgcrypt security update

Libgcrypt is a general purpose cryptographic library originally based on code from GnuPG. Security Fixes: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt.CVE-2026-41989...

OESA-2026-2346 libgcrypt security update

Libgcrypt is a general purpose cryptographic library originally based on code from GnuPG. Security Fixes: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt.CVE-2026-41989...

OESA-2026-2345 libgcrypt security update

Libgcrypt is a general purpose cryptographic library originally based on code from GnuPG. Security Fixes: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt.CVE-2026-41989...

Medium: libgcrypt

Issue Overview: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989 Affected Packages: libgcrypt Issue Correction: Run dnf update libgcrypt --releasever 2023.11.20260514 or dnf update --advisory...

JLSEC-2026-496 Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via...

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt...

JLSEC-2026-497 Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds...

Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data...

Unity Linux 20.1060e / 20.1070e Security Update: libgcrypt (UTSA-2026-017437)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017437 advisory. The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous...

Unity Linux 20.1060e / 20.1070e Security Update: libgcrypt (UTSA-2026-017573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017573 advisory. Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and...

CVE-2026-41989 affecting package libgcrypt for versions less than 1.10.3-2

CVE-2026-41989 affecting package libgcrypt for versions less than 1.10.3-2. A patched version of the package is available...

Astra Linux - уязвимость в libgcrypt20

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

[SECURITY] Fedora 43 Update: libgcrypt-1.11.1-4.fc43

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

[SECURITY] Fedora 44 Update: libgcrypt-1.12.2-1.fc44

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

Fedora 43 : libgcrypt (2026-8409145c11)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8409145c11 advisory. Fix CVE-2026-41989 2461782 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Fedora 44 : libgcrypt (2026-9a79c58afd)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9a79c58afd advisory. New upstream release 2458643 fixing CVE-2026-41989 2461782 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVE-2026-41990

A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial ...