Unrated severityNVD Advisory· Published Jan 27, 2026· Updated Jan 28, 2026
CVE-2026-24882
CVE-2026-24882
Description
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15- osv-coords13 versionspkg:rpm/almalinux/gnupg2pkg:rpm/almalinux/gnupg2-smimepkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/gpg2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Micro%206.2
< 2.4.5-4.el10_1+ 12 more
- (no CPE)range: < 2.4.5-4.el10_1
- (no CPE)range: < 2.4.5-4.el10_1
- (no CPE)range: < 2.4.4-150600.3.15.1
- (no CPE)range: < 2.5.5-160000.4.1
- (no CPE)range: < 2.5.17-1.1
- (no CPE)range: < 2.4.4-150600.3.15.1
- (no CPE)range: < 2.4.4-150600.3.15.1
- (no CPE)range: < 2.5.5-160000.4.1
- (no CPE)range: < 2.4.4-150600.3.15.1
- (no CPE)range: < 2.5.5-160000.4.1
- (no CPE)range: < 2.4.4-7.1
- (no CPE)range: < 2.4.4-slfo.1.1_7.1
- (no CPE)range: < 2.5.5-160000.4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.