2.9 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): None (N)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 15 packages
  - pam_gnupg
  - gnupg-pkcs11-scd
  - phpExtensions.gnupg
  - php82Extensions.gnupg
  - php83Extensions.gnupg
  - php84Extensions.gnupg
  - php85Extensions.gnupg
  - sequoia-chameleon-gnupg
  - perlPackages.GnuPGInterface
  - perl5Packages.GnuPGInterface
  - perl538Packages.GnuPGInterface
  - perl540Packages.GnuPGInterface
  - python312Packages.python-gnupg
  - python313Packages.python-gnupg
  - python314Packages.python-gnupg
- @LeSuisse ignored reference https://w…
- @LeSuisse accepted
- @LeSuisse published on GitHub
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through …
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.
References
Ignored references (1)
Affected products
- =<2.5.20
Matching in nixpkgs
pkgs.gnupg
Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation
pkgs.gnupg1
Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv
pkgs.gnupg24
Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation
pkgs.gnupg1compat
Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv
pkgs.gnupgMinimal
Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation
Ignored packages (15)
pkgs.pam_gnupg
Unlock GnuPG keys on login
pkgs.gnupg-pkcs11-scd
Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG
pkgs.phpExtensions.gnupg
PHP wrapper for GpgME library that provides access to GnuPG
pkgs.php82Extensions.gnupg
PHP wrapper for GpgME library that provides access to GnuPG
pkgs.php83Extensions.gnupg
PHP wrapper for GpgME library that provides access to GnuPG
pkgs.php84Extensions.gnupg
PHP wrapper for GpgME library that provides access to GnuPG
pkgs.php85Extensions.gnupg
PHP wrapper for GpgME library that provides access to GnuPG
pkgs.sequoia-chameleon-gnupg
Sequoia's reimplementation of the GnuPG interface
pkgs.perlPackages.GnuPGInterface
Supply object methods for interacting with GnuPG
pkgs.perl5Packages.GnuPGInterface
Supply object methods for interacting with GnuPG
pkgs.perl538Packages.GnuPGInterface
None
pkgs.perl540Packages.GnuPGInterface
None
pkgs.python312Packages.python-gnupg
None
pkgs.python313Packages.python-gnupg
API for the GNU Privacy Guard (GnuPG)
Package maintainers
- @fpletz Franz Pletz <fpletz@fnordicwalking.de>
- @stigtsp Stig Palmquist <stig@stig.io>
- @infinisil Silvan Mosberger <contact@infinisil.com>
- @pyrox0 Pyrox <pyrox@pyrox.dev>
- @balsoft Alexander Bantyev <balsoft75@gmail.com>
- @andir Andreas Rammhold <andreas@rammhold.de>