Nixpkgs Security Tracker

Permalink CVE-2014-3591

created 1 month, 1 week ago

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement …

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

References

http://www.cs.tau.ac.il/~tromer/radioexp/ x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184 x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_refsource_MISC
http://www.cs.tau.ac.il/~tromer/radioexp/ x_transferred x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_transferred x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_transferred x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184 x_transferred x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_transferred x_refsource_MISC
http://www.cs.tau.ac.il/~tromer/radioexp/ x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184 x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_refsource_MISC
http://www.cs.tau.ac.il/~tromer/radioexp/ x_transferred x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_transferred x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_transferred x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184 x_transferred x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_transferred x_refsource_MISC

Affected products

GnuPG

==before 1.4.19

Libgcrypt

==before 1.6.3

Matching in nixpkgs

pkgs.gnupg

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.gnupg1

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.gnupg24

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.libgcrypt

General-purpose cryptographic library

nixos-unstable 1.11.2
- nixpkgs-unstable 1.11.2
- nixos-unstable-small 1.11.2
nixos-25.11 1.11.2
- nixos-25.11-small 1.11.2
- nixpkgs-25.11-darwin 1.11.2

pkgs.pam_gnupg

Unlock GnuPG keys on login

nixos-unstable 0.4
- nixpkgs-unstable 0.4
- nixos-unstable-small 0.4
nixos-25.11 0.4
- nixos-25.11-small 0.4
- nixpkgs-25.11-darwin 0.4

pkgs.gnupg1compat

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.gnupg-pkcs11-scd

Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG

nixos-unstable pkcs11-scd-0.11.0
- nixpkgs-unstable pkcs11-scd-0.11.0
- nixos-unstable-small pkcs11-scd-0.11.0
nixos-25.11 pkcs11-scd-0.11.0
- nixos-25.11-small pkcs11-scd-0.11.0
- nixpkgs-25.11-darwin pkcs11-scd-0.11.0

pkgs.phpExtensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php81Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

pkgs.php82Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php83Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php84Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php85Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.sequoia-chameleon-gnupg

Sequoia's reimplementation of the GnuPG interface

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1
nixos-25.11 0.13.1
- nixos-25.11-small 0.13.1
- nixpkgs-25.11-darwin 0.13.1

pkgs.perlPackages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03
nixos-25.11 1.03
- nixos-25.11-small 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.perl5Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl538Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-25.11 1.03
- nixos-25.11-small 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.perl540Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-25.11 1.03
- nixos-25.11-small 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.python312Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.python313Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.python314Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

Package maintainers

@stigtsp Stig Palmquist <stig@stig.io>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@philandstuff Philip Potter <philip.g.potter@gmail.com>
@mtreca Maxime Tréca <maxime.treca@gmail.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@taikx4 taikx4 <taikx4@taikx4szlaj2rsdupcwabg35inbny4jk322ngeb7qwbbhd5i55nf5yyd.onion>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@NickCao Nick Cao <nickcao@nichi.co>

Permalink CVE-2015-0837

created 1 month, 1 week ago

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before …

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

References

http://www.debian.org/security/2015/dsa-3184 x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_refsource_CONFIRM
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_refsource_CONFIRM
https://ieeexplore.ieee.org/document/7163050 x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184 x_transferred x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_transferred x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_transferred x_refsource_CONFIRM
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_transferred x_refsource_CONFIRM
https://ieeexplore.ieee.org/document/7163050 x_transferred x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_refsource_CONFIRM
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_refsource_CONFIRM
https://ieeexplore.ieee.org/document/7163050 x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184 x_refsource_MISC
http://www.debian.org/security/2015/dsa-3184 x_transferred x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185 x_transferred x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html x_transferred x_refsource_CONFIRM
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html x_transferred x_refsource_CONFIRM
https://ieeexplore.ieee.org/document/7163050 x_transferred x_refsource_MISC

Affected products

GnuPG

==before 1.4.19

Libgcrypt

==before 1.6.3

Matching in nixpkgs

pkgs.gnupg

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.gnupg1

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.gnupg24

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.libgcrypt

General-purpose cryptographic library

nixos-unstable 1.11.2
- nixpkgs-unstable 1.11.2
- nixos-unstable-small 1.11.2
nixos-25.11 1.11.2
- nixos-25.11-small 1.11.2
- nixpkgs-25.11-darwin 1.11.2

pkgs.pam_gnupg

Unlock GnuPG keys on login

nixos-unstable 0.4
- nixpkgs-unstable 0.4
- nixos-unstable-small 0.4
nixos-25.11 0.4
- nixos-25.11-small 0.4
- nixpkgs-25.11-darwin 0.4

pkgs.gnupg1compat

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixos-25.11-small 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.gnupg-pkcs11-scd

Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG

nixos-unstable pkcs11-scd-0.11.0
- nixpkgs-unstable pkcs11-scd-0.11.0
- nixos-unstable-small pkcs11-scd-0.11.0
nixos-25.11 pkcs11-scd-0.11.0
- nixos-25.11-small pkcs11-scd-0.11.0
- nixpkgs-25.11-darwin pkcs11-scd-0.11.0

pkgs.phpExtensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php81Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

pkgs.php82Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php83Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php84Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php85Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4
nixos-25.11 1.5.4
- nixos-25.11-small 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.sequoia-chameleon-gnupg

Sequoia's reimplementation of the GnuPG interface

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1
nixos-25.11 0.13.1
- nixos-25.11-small 0.13.1
- nixpkgs-25.11-darwin 0.13.1

pkgs.perlPackages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03
nixos-25.11 1.03
- nixos-25.11-small 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.perl5Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl538Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-25.11 1.03
- nixos-25.11-small 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.perl540Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-25.11 1.03
- nixos-25.11-small 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.python312Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.python313Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.python314Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

Package maintainers

@stigtsp Stig Palmquist <stig@stig.io>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@philandstuff Philip Potter <philip.g.potter@gmail.com>
@mtreca Maxime Tréca <maxime.treca@gmail.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@taikx4 taikx4 <taikx4@taikx4szlaj2rsdupcwabg35inbny4jk322ngeb7qwbbhd5i55nf5yyd.onion>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@NickCao Nick Cao <nickcao@nichi.co>

Permalink CVE-2026-24882

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months ago

In GnuPG before 2.5.17, a stack-based buffer overflow exists in …

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

References

Affected products

GnuPG

<2.5.17

Matching in nixpkgs

pkgs.gnupg24

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8

pkgs.pam_gnupg

Unlock GnuPG keys on login

nixos-unstable 0.4
- nixpkgs-unstable 0.4
- nixos-unstable-small 0.4

pkgs.gnupg1compat

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8

pkgs.gnupg-pkcs11-scd

Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG

nixos-unstable pkcs11-scd-0.11.0
- nixpkgs-unstable pkcs11-scd-0.11.0
- nixos-unstable-small pkcs11-scd-0.11.0

pkgs.phpExtensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php81Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

pkgs.php82Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php83Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php84Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4

pkgs.sequoia-chameleon-gnupg

Sequoia's reimplementation of the GnuPG interface

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1

pkgs.perlPackages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl538Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl540Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.python312Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

pkgs.python313Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

Package maintainers

@stigtsp Stig Palmquist <stig@stig.io>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@philandstuff Philip Potter <philip.g.potter@gmail.com>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@mtreca Maxime Tréca <maxime.treca@gmail.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@taikx4 taikx4 <taikx4@taikx4szlaj2rsdupcwabg35inbny4jk322ngeb7qwbbhd5i55nf5yyd.onion>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>

Permalink CVE-2026-24881

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months ago

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message …

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.

References

Affected products

GnuPG

<2.5.17

Matching in nixpkgs

pkgs.gnupg24

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8

pkgs.pam_gnupg

Unlock GnuPG keys on login

nixos-unstable 0.4
- nixpkgs-unstable 0.4
- nixos-unstable-small 0.4

pkgs.gnupg1compat

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8

pkgs.gnupg-pkcs11-scd

Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG

nixos-unstable pkcs11-scd-0.11.0
- nixpkgs-unstable pkcs11-scd-0.11.0
- nixos-unstable-small pkcs11-scd-0.11.0

pkgs.phpExtensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php81Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

pkgs.php82Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php83Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php84Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4

pkgs.sequoia-chameleon-gnupg

Sequoia's reimplementation of the GnuPG interface

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1

pkgs.perlPackages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl538Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl540Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.python312Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

pkgs.python313Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

Package maintainers

@stigtsp Stig Palmquist <stig@stig.io>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@philandstuff Philip Potter <philip.g.potter@gmail.com>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@mtreca Maxime Tréca <maxime.treca@gmail.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@taikx4 taikx4 <taikx4@taikx4szlaj2rsdupcwabg35inbny4jk322ngeb7qwbbhd5i55nf5yyd.onion>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>

Permalink CVE-2026-24883

3.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 2 months ago

In GnuPG before 2.5.17, a long signature packet length causes …

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

References

Affected products

GnuPG

<2.5.17

Matching in nixpkgs

pkgs.gnupg24

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8

pkgs.pam_gnupg

Unlock GnuPG keys on login

nixos-unstable 0.4
- nixpkgs-unstable 0.4
- nixos-unstable-small 0.4

pkgs.gnupg1compat

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8

pkgs.gnupg-pkcs11-scd

Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG

nixos-unstable pkcs11-scd-0.11.0
- nixpkgs-unstable pkcs11-scd-0.11.0
- nixos-unstable-small pkcs11-scd-0.11.0

pkgs.phpExtensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php81Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

pkgs.php82Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php83Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4
- nixos-unstable-small 1.5.4

pkgs.php84Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.4
- nixpkgs-unstable 1.5.4

pkgs.sequoia-chameleon-gnupg

Sequoia's reimplementation of the GnuPG interface

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1

pkgs.perlPackages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl538Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.perl540Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.python312Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

pkgs.python313Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.5
- nixpkgs-unstable 0.5.5
- nixos-unstable-small 0.5.5

Package maintainers

@stigtsp Stig Palmquist <stig@stig.io>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@philandstuff Philip Potter <philip.g.potter@gmail.com>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@mtreca Maxime Tréca <maxime.treca@gmail.com>
@aanderse Aaron Andersen <aaron@fosslib.net>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@taikx4 taikx4 <taikx4@taikx4szlaj2rsdupcwabg35inbny4jk322ngeb7qwbbhd5i55nf5yyd.onion>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.gnupg

pkgs.gnupg1

pkgs.gnupg24

pkgs.libgcrypt

pkgs.pam_gnupg

pkgs.gnupg1compat

pkgs.gnupg-pkcs11-scd

pkgs.phpExtensions.gnupg

pkgs.php81Extensions.gnupg

pkgs.php82Extensions.gnupg

pkgs.php83Extensions.gnupg

pkgs.php84Extensions.gnupg

pkgs.php85Extensions.gnupg

pkgs.sequoia-chameleon-gnupg

pkgs.perlPackages.GnuPGInterface

pkgs.perl5Packages.GnuPGInterface

pkgs.perl538Packages.GnuPGInterface

pkgs.perl540Packages.GnuPGInterface

pkgs.python312Packages.python-gnupg

pkgs.python313Packages.python-gnupg

pkgs.python314Packages.python-gnupg

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnupg

pkgs.gnupg1

pkgs.gnupg24

pkgs.libgcrypt

pkgs.pam_gnupg

pkgs.gnupg1compat

pkgs.gnupg-pkcs11-scd

pkgs.phpExtensions.gnupg

pkgs.php81Extensions.gnupg

pkgs.php82Extensions.gnupg

pkgs.php83Extensions.gnupg

pkgs.php84Extensions.gnupg

pkgs.php85Extensions.gnupg

pkgs.sequoia-chameleon-gnupg

pkgs.perlPackages.GnuPGInterface

pkgs.perl5Packages.GnuPGInterface

pkgs.perl538Packages.GnuPGInterface

pkgs.perl540Packages.GnuPGInterface

pkgs.python312Packages.python-gnupg

pkgs.python313Packages.python-gnupg

pkgs.python314Packages.python-gnupg

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnupg24

pkgs.pam_gnupg

pkgs.gnupg1compat

pkgs.gnupg-pkcs11-scd

pkgs.phpExtensions.gnupg

pkgs.php81Extensions.gnupg

pkgs.php82Extensions.gnupg

pkgs.php83Extensions.gnupg

pkgs.php84Extensions.gnupg

pkgs.sequoia-chameleon-gnupg

pkgs.perlPackages.GnuPGInterface

pkgs.perl538Packages.GnuPGInterface

pkgs.perl540Packages.GnuPGInterface

pkgs.python312Packages.python-gnupg

pkgs.python313Packages.python-gnupg

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnupg24

pkgs.pam_gnupg

pkgs.gnupg1compat

pkgs.gnupg-pkcs11-scd

pkgs.phpExtensions.gnupg

pkgs.php81Extensions.gnupg

pkgs.php82Extensions.gnupg