27 matches found
JLSEC-2026-564 In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized...
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
SUSE CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
CVE-2026-24881
A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component...
CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
EUVD-2026-4768
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
CVE-2026-24881
CVE-2026-24881 affects GnuPG up to version 2.5.16; the issue arises when processing a crafted CMS (S/MIME) EnvelopedData message with an oversized wrapped session key, causing a stack-based buffer overflow in the gpg-agent during PKDECRYPT--kem=CMS handling. This vulnerability can lead to denial ...
CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
PT-2026-5009
Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.5.17 Description A specially crafted CMS S/MIME EnvelopedData message with an oversized wrapped session key can lead to a stack-based buffer overflow within the gpg-agent component during PKDECRYPT--kem=CMS processing...
Fedora: Security Advisory (FEDORA-2024-029752e60b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-12f0caa904)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: rust-sequoia-gpg-agent-0.4.2-1.fc40
A library for interacting with GnuPG's gpg-agent...
Fedora 40 : rust-sequoia-chameleon-gnupg / rust-sequoia-gpg-agent / etc (2024-12f0caa904)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-12f0caa904 advisory. - Update the sequoia-openpgp crate to version 1.21.1. Addresses RUSTSEC-2024-0345. - Update the sequoia-keystore crate to version 0.5.1. - Update the...
[SECURITY] Fedora 27 Update: libgpg-error-1.31-1.fc27
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future...
GPG Reaper - Obtain/Steal/Restore GPG Private Keys From Gpg-Agent Cache/Memory
Obtain/Steal/Restore GPG Private Keys from gpg-agent cache/memory This POC demonstrates method for obtaining GPG private keys from gpg-agent memory under Windows. Normally this should be possible only within 10 minutes time frame --default-cache-ttl value. Unfortunately housekeeping function whic...
openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)
This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: boo909935 - CVE-2014-3580: moddavsvn DoS from invalid REPORT requests. - CVE-2014-8108: moddavsvn DoS from use of invalid transaction names....
Fedora 17 : gnome-keyring-3.4.1-3.fc17 (2012-12368)
GPG agent did not respect cache expiry settings. Backported patch to fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
MDVA-2010:204 : gnupg2
The gpg-agent has a problem making it stop to work after 1 minute or even not start at all. This update has fixes for this problems. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network...