CVE-2026-24883

Опубликовано: 27 янв. 2026

Источник: debian

EPSS Низкий

Описание

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gnupg2	not-affected			package

Примечания

https://dev.gnupg.org/T8049
Introduced by: https://dev.gnupg.org/rG36dbca3e6944d13e75e96eace634e58a7d7e201d (gnupg-2.5.3)

EPSS

Процентиль: 2%

0.00014

Низкий

Связанные уязвимости

CVE-2026-24883

CVSS3: 3.7

ubuntu

11 дней назад

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

CVE-2026-24883

CVSS3: 3.7

nvd

11 дней назад

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

GHSA-7246-cvp4-g68w

CVSS3: 3.7

github

10 дней назад

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

openSUSE-SU-2026:20136-1

suse-cvrf

9 дней назад

Security update for gpg2

EPSS

Процентиль: 2%

0.00014

Низкий