JLSEC-2026-564 In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized...
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disable_gpg_check parameter is set to False—which is the default...
com.airlenet.netconf:netconf-callhome (=2.0.0), com.jsuereth:gpg-library_2.10 (=0.8) +14 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk16 (>=1.45 <=1.46)
org.bouncycastle:bcpg-jdk16 MAVEN version =1.45, =0.6, =2.0.16, =2.0.16, =2.0.16, =2.0.16, =2.9.0, =0.1.0-incubating, =0.1.0-incubating, =1.4, =3.5.0, =3.6.0 - sk.seges.acris:acris-test-support =2.0.0 and more Source cves: CVE-2026-3505 Source advisory: OSV:GHSA-CJ8J-37RH-8475...
SUSE-FU-2026:21232-1 Feature update for libgcrypt, libgpg-error
This update for libgcrypt, libgpg-error fixes the following issues: Update libgcrypt to 1.12.1 (jsc#PED-15059): New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add...
Ubuntu 16.04 LTS / 18.04 LTS : Roundcube Webmail vulnerabilities (USN-8132-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8132-1 advisory. It was discovered that Roundcube Webmail did not properly sanitize certain HTML elements within the e-mail body. An attacker could possibly u...
Oracle Linux 7 : gnupg2 (ELSA-2026-1677)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1677 advisory. 2.0.22-5.0.1 - Fix CVE-2025-68973 gpg.fail/memcpy Orabug: 38914175 Tenable has extracted the preceding description block directly from the Oracle Linux security...
gnupg2 security update
2.0.22-5.0.1 - Fix CVE-2025-68973 gpg.fail/memcpy Orabug: 38914175...
SUSE-SU-2026:0434-1 Security update for gpg2
This update for gpg2 fixes the following issues: Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396) - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389)...
SUSE SLES16 Security Update : gpg2 (SUSE-SU-2026:20195-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20195-1 advisory. - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - CVE-2026-24883: deni...
SUSE CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
CVE-2026-24881
A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component...
CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
EUVD-2026-4768
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
CVE-2026-24881
CVE-2026-24881 affects GnuPG up to version 2.5.16; the issue arises when processing a crafted CMS (S/MIME) EnvelopedData message with an oversized wrapped session key, causing a stack-based buffer overflow in the gpg-agent during PKDECRYPT --kem=CMS handling. This vulnerability can lead to denial ...
PT-2026-5009
Name of the Vulnerable Software and Affected Versions: GnuPG versions prior to 2.5.17. Description: A specially crafted CMS (S/MIME) EnvelopedData message with an oversized wrapped session key can lead to a stack-based buffer overflow within the gpg-agent component during PKDECRYPT --kem=CMS processing...
MiracleLinux 8 : osbuild-composer-101-1.el8.ML.1 (AXSA:2024-8449:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8449:02 advisory. osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 Tenable has extracted the preceding description block...