CVE-2026-24883

Опубликовано: 27 янв. 2026

Источник: redhat

CVSS3: 3.7

EPSS Низкий

Описание

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.

Отчет

This LOW impact vulnerability in GnuPG allows a remote attacker to trigger a denial of service. By processing a specially crafted long signature packet, the GnuPG application can crash, rendering it unavailable. This affects Red Hat Enterprise Linux and other products utilizing GnuPG.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	gnupg2	Fix deferred
Red Hat Enterprise Linux 6	gnupg2	Fix deferred
Red Hat Enterprise Linux 7	gnupg2	Fix deferred
Red Hat Enterprise Linux 8	gnupg2	Fix deferred
Red Hat Enterprise Linux 9	gnupg2	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=2433463GnuPG: GnuPG: Denial of service due to specially crafted signature packet

EPSS

Процентиль: 2%

0.00013

Низкий

3.7 Low

CVSS3

Связанные уязвимости

CVE-2026-24883

CVSS3: 3.7

ubuntu

около 2 месяцев назад

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

CVE-2026-24883

CVSS3: 3.7

nvd

около 2 месяцев назад

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

CVE-2026-24883

CVSS3: 3.7

debian

около 2 месяцев назад

In GnuPG before 2.5.17, a long signature packet length causes parse_si ...

GHSA-7246-cvp4-g68w

CVSS3: 3.7

github

около 2 месяцев назад

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

openSUSE-SU-2026:20136-1

suse-cvrf

около 2 месяцев назад

Security update for gpg2

EPSS

Процентиль: 2%

0.00013

Низкий

3.7 Low

CVSS3