
Description

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

PUBLISHED Reserved 2026-04-23 | Published 2026-04-23 | Updated 2026-04-23 | Assigner mitre




MEDIUM: 6.7 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-787 Out-of-bounds Write

Product status

Default status
unaffected

1.8.8 (semver) before 1.10.4
affected

1.11.0 (semver) before 1.11.3
affected

1.12.0 (semver) before 1.12.2
affected

References

lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html

dev.gnupg.org/T8211

www.openwall.com/lists/oss-security/2026/04/21/1

cve.org (CVE-2026-41989)

nvd.nist.gov (CVE-2026-41989)
