UBUNTU-CVE-2026-57062
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2...
EUVD-2026-38550
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
CVE-2026-57062
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
CVE-2026-57062
CVE-2026-57062: The CMS parsing in GnuPG’s gpgsm (up to version 2.5.20) mishandles AES-GCM when processing CMS structures, accepting an aes-ICVlen of 4 bytes instead of the required 12. This is a component/format handling flaw in GnuPG’s CMS implementation. The CVE record cites a related issue (C...
EulerOS Virtualization 2.13.0 : gnupg2 (EulerOS-SA-2026-2167)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an...
EulerOS Virtualization 2.13.1 : gnupg2 (EulerOS-SA-2026-2128)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an...
[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc44
Sequoia's reimplementation of the GnuPG interface...
[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc43
Sequoia's reimplementation of the GnuPG interface...
JLSEC-2026-563 In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where...
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later are fixed versions...
JLSEC-2026-562 In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary...
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...
JLSEC-2026-566 In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success...
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig-data set to a NULL value, leading to a denial of service application crash...
JLSEC-2026-565 In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the...
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys...
[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc43
Sequoia's reimplementation of the GnuPG interface...
[SECURITY] Fedora 42 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc42
Sequoia's reimplementation of the GnuPG interface...
[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc44
Sequoia's reimplementation of the GnuPG interface...
GNU Privacy Guard 2.5.20
GnuPG, the GNU Privacy Guard or GPG, is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
Astra Linux – Vulnerability in gnupg2
A flaw was discovered in the way certificate signatures can be forged using collisions found in the SHA-1 algorithm. Attackers could exploit this weakness to create forged certificate signatures. This issue affects GnuPG versions prior to 2.2.18...
[SECURITY] Fedora 43 Update: libgcrypt-1.11.1-4.fc43
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
Security Bulletin: Vulnerability in gnupg affects IBM Netezza Appliance
Summary: The gnupg package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68973. Vulnerability Details: CVEID: CVE-2025-68973 DESCRIPTION: In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: gnupg2: gnupg2-2.4.9-5.1.hum1 aarch64, x86_64; gnupg2-dirmngr-2.4.9-5.1.hum1 aarch64, x86_64; gnupg2-g13-2.4.9-5.1.hum1 aarch64, x86_64; gnupg2-gpg-agent-2.4.9-5.1.hum1 aarch64, x86_64...