CVE-2026-57062

CVE-2026-57062: The CMS parsing in GnuPG’s gpgsm (up to version 2.5.20) mishandles AES-GCM when processing CMS structures, accepting an aes-ICVlen of 4 bytes instead of the required 12. This is a component/format handling flaw in GnuPG’s CMS implementation. The CVE record cites a related issue (C...

CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

EUVD-2026-38550

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

CVE-2026-57053

CVE-2026-57053 affects GNU libidn before 1.44, with out-of-bounds reads of uninitialized memory in the ToUnicode APIs due to mishandling in idna_to_unicode_internal; the vulnerable code is not present in libidn2. The CVSSv3.1 base score is 4.0 (Medium), with LOCAL attack vector, HIGH complexity, ...

EUVD-2026-38523

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

CVE-2026-57053

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

CVE-2026-56968

GNU SASL before 2.2.4 is affected by a vulnerability in the NTLM client: insufficient sanitization of a short challenge in _gsasl_ntlm_client_step, potentially leading to memory disclosure when communicating with a crafted server. Affected component: gsasl NTLM client within GNU SASL. Potential i...

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

Astra Linux – Vulnerability in aspell

The libaspell.a file in GNU Aspell before version 0.60.8 has a buffer overflow issue for strings that end with a single '\0' byte. This issue occurs when the encoding is set to ucs-2 or ucs-4 outside of the application, as indicated by the ASPELLCONF environment variable...

Astra Linux – Vulnerability in binutils

Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the displaydebugsection function in the readelf.c file...

Astra Linux – Vulnerability in binutils

A vulnerability has been discovered in GNU Binutils 2.45. The affected element is the function elfswapshdr in the bfd/elfcode.h library of the Linker component. Manipulation of this function leads to a heap-based buffer overflow. This attack must be carried out locally. The exploit has been...

Astra Linux – Vulnerability in libtar

An attacker who submits a crafted tar file with a size of 0 in the header struct may be able to trigger a call to malloc0 for a variable named gnulonglink, resulting in an out-of-bounds read...

Astra Linux – Vulnerability in binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is an integer overflow and an infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...

Astra Linux – Vulnerability in glibc

The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15, when the cache was added to nscd. This vulnerability only exists in the nscd binary...

Astra Linux – Vulnerability in binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: s390: Avoid using a global register for the currentstackpointer. The commit 30de14b1884b “s390: The currentstackpointer should not be a function” changed the currentstackpointer to a global register variable, as is common on many...

Astra Linux – Vulnerability in glibc

The iconv feature in the GNU C Library also known as glibc or libc6, up to version 2.32, may have a buffer over-read issue when processing invalid multi-byte input sequences in the EUC-KR encoding...

Astra Linux – Vulnerability in GIMP

GIMP PSP File Parsing: An Off-by-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicio...