CVE-2026-24882

Опубликовано: 27 янв. 2026

Источник: debian

EPSS Низкий

Описание

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

Пакет	Статус	Версия исправления	Релиз	Тип
gnupg2	fixed	2.4.9-2	experimental	package
gnupg2	unfixed			package
gnupg2	no-dsa		trixie	package
gnupg2	not-affected		bookworm	package
gnupg2	not-affected		bullseye	package

https://dev.gnupg.org/T8045
Introduced after: https://github.com/gpg/gnupg/commit/62a7854816b8f3661fb41f05463289e5b96663ee (Beta-2.3.0-beta1655)

EPSS

Процентиль: 0%

0.00006

Низкий

CVE-2026-24882

CVSS3: 8.4

ubuntu

2 месяца назад

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

CVE-2026-24882

CVSS3: 8.4

redhat

2 месяца назад

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

CVE-2026-24882

CVSS3: 8.4

nvd

2 месяца назад

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

SUSE-SU-2026:0434-1

suse-cvrf

около 2 месяцев назад

Security update for gpg2

RLSA-2026:2719

rocky

около 1 месяца назад

Important: gnupg2 security update

EPSS

Процентиль: 0%

0.00006

Низкий