CVE-2026-24882

Published: 27 Jan 2026
Source: redhat
CVSS3: 8.4
EPSS: Low

Description

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the tpm2daemon component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service.

Report

This is an IMPORTANT vulnerability in GnuPG's tpm2daemon, affecting systems configured to use TPM-backed RSA and ECC keys. A stack-based buffer overflow can occur when processing PKDECRYPT commands, potentially leading to denial of service or arbitrary code execution. Red Hat Enterprise Linux and Fedora systems are impacted if utilizing TPM-backed keys with GnuPG.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | gnupg2 | Not affected | | |
| Red Hat Enterprise Linux 7 | gnupg2 | Not affected | | |
| Red Hat Enterprise Linux 8 | gnupg2 | Not affected | | |
| Red Hat Enterprise Linux 9 | gnupg2 | Not affected | | |
| Red Hat Enterprise Linux 10 | gnupg2 | Fixed | RHSA-2026:2719 | 16.02.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | gnupg2 | Fixed | RHSA-2026:2753 | 16.02.2026 |

Additional information

Status: Important
Defect: CWE-121
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2433464 (GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution)

EPSS

Percentile: 0%
0.00006
Low

CVSS3

8.4 High

Related vulnerabilities

CVSS3: 8.4
ubuntu
about 2 months ago

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

CVSS3: 8.4
nvd
about 2 months ago

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

CVSS3: 8.4
debian
about 2 months ago

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2da ...

suse-cvrf
about 2 months ago

Security update for gpg2

rocky
about 1 month ago

Important: gnupg2 security update
