Unrated severityNVD Advisory· Published Jan 27, 2026· Updated Jan 28, 2026
CVE-2026-24883
CVE-2026-24883
Description
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords5 versionspkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/gpg2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Micro%206.2
< 2.5.5-160000.4.1+ 4 more
- (no CPE)range: < 2.5.5-160000.4.1
- (no CPE)range: < 2.5.17-1.1
- (no CPE)range: < 2.5.5-160000.4.1
- (no CPE)range: < 2.5.5-160000.4.1
- (no CPE)range: < 2.5.5-160000.4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.