VYPR

Vendor CVEs

Gnupg

All CVEs

63 total · sorted by risk
  • CVE-2010-2547HigAug 5, 2010
    risk 0.53cvss 8.1epss 0.05

    Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled…

  • CVE-2018-12020HigJun 8, 2018
    risk 0.49cvss 7.5epss 0.09

    mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP…

  • CVE-2018-9234HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

  • CVE-2018-6829HigFeb 7, 2018
    risk 0.49cvss 7.5epss 0.02

    cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack).…

  • CVE-2017-0379HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

  • CVE-2016-4579HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

  • CVE-2016-4574HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-4356HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.

  • CVE-2016-4355HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.02

    Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

  • CVE-2016-4354HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.02

    ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

  • CVE-2016-4353HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.02

    ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

  • CVE-2026-41989MedApr 23, 2026
    risk 0.44cvss 6.7epss 0.00

    Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

  • CVE-2017-7526MedJul 26, 2018
    risk 0.40cvss 6.1epss 0.04

    libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more…

  • CVE-2017-9526MedJun 11, 2017
    risk 0.39cvss 5.9epss 0.02

    In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that…

  • CVE-2024-2236MedMar 6, 2024
    risk 0.38cvss 5.9epss 0.01

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

  • CVE-2016-6313MedDec 13, 2016
    risk 0.35cvss 5.3epss 0.04

    The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

  • CVE-2026-41990MedApr 23, 2026
    risk 0.26cvss 4.0epss 0.00

    Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.

  • CVE-2015-7511LowApr 19, 2016
    risk 0.13cvss 2.0epss 0.00

    Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

  • CVE-2006-3746Jul 28, 2006
    risk 0.04cvss epss 0.07

    Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.

  • CVE-2006-3082Jun 19, 2006
    risk 0.04cvss epss 0.07

    parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as…

  • CVE-2007-1263Mar 6, 2007
    risk 0.03cvss epss 0.05

    GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

  • CVE-2006-0455Feb 15, 2006
    risk 0.03cvss epss 0.01

    gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. …

  • CVE-2003-0255May 27, 2003
    risk 0.01cvss epss 0.07

    The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

  • CVE-2026-57062Jun 23, 2026
    risk 0.00cvss epss 0.00

    CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.

  • CVE-2026-24883Jan 27, 2026
    risk 0.00cvss epss 0.00

    In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

  • CVE-2026-24882Jan 27, 2026
    risk 0.00cvss epss 0.00

    In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

  • CVE-2026-24881Jan 27, 2026
    risk 0.00cvss epss 0.02

    In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also…

  • CVE-2025-68973Dec 28, 2025
    risk 0.00cvss epss 0.00

    In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

  • CVE-2025-68972Dec 27, 2025
    risk 0.00cvss epss 0.00

    In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor"…

  • CVE-2025-30258Mar 19, 2025
    risk 0.00cvss epss 0.00

    In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

  • CVE-2022-3219Feb 23, 2023
    risk 0.00cvss epss 0.00

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

  • CVE-2022-34903Jul 1, 2022
    risk 0.00cvss epss 0.03

    GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

  • CVE-2021-40528Sep 6, 2021
    risk 0.00cvss epss 0.01

    The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key,…

  • CVE-2021-33560Jun 8, 2021
    risk 0.00cvss epss 0.02

    Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

  • CVE-2021-3345Jan 29, 2021
    risk 0.00cvss epss 0.01

    _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

  • CVE-2020-25125Sep 3, 2020
    risk 0.00cvss epss 0.01

    GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x…

  • CVE-2019-14855Mar 20, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

  • CVE-2015-0837Nov 29, 2019
    risk 0.00cvss epss 0.02

    The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

  • CVE-2014-3591Nov 29, 2019
    risk 0.00cvss epss 0.01

    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the…

  • CVE-2015-1607Nov 20, 2019
    risk 0.00cvss epss 0.02

    kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and…

  • CVE-2015-1606Nov 20, 2019
    risk 0.00cvss epss 0.02

    The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

  • CVE-2019-13050Jun 29, 2019
    risk 0.00cvss epss 0.03

    Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent…

  • CVE-2018-1000858Dec 20, 2018
    risk 0.00cvss epss 0.01

    GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in…

  • CVE-2018-12356CriJun 15, 2018
    risk 0.00cvss 9.8epss 0.05

    An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files…

  • CVE-2014-9087Dec 1, 2014
    risk 0.00cvss epss 0.05

    Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

  • CVE-2014-5270Oct 10, 2014
    risk 0.00cvss epss 0.01

    Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage…

  • CVE-2014-4617Jun 25, 2014
    risk 0.00cvss epss 0.03

    The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

  • CVE-2013-4576Dec 20, 2013
    risk 0.00cvss epss 0.00

    GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE:…

  • CVE-2013-4402Oct 28, 2013
    risk 0.00cvss epss 0.05

    The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

  • CVE-2013-4351Oct 10, 2013
    risk 0.00cvss epss 0.03

    GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

Page 1 of 2