Vulnerabilities in gnupg

9 results
CVE-2017-7526 | MEDIUM | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left | EPSS 3.9%
CVE-2026-24881 | HIGH | In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffe | EPSS 2.0%
CVE-2026-24883 | LOW | In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leadin | EPSS 0.4%
CVE-2026-24882 | HIGH | In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and E | EPSS 0.4%
CVE-2026-41989 | MEDIUM | Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt. | EPSS 0.2%
CVE-2025-30258 | LOW | In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has inc | EPSS 0.2%
CVE-2026-41990 | MEDIUM | Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data. | EPSS 0.2%
CVE-2025-68973 | HIGH | In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bound | EPSS 0.1%
CVE-2025-68972 | MEDIUM | In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places | EPSS 0.1%