Gpg4win

gpg4win

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-24883 2Gnupg Gpg4win 2Gnupg Gpg4win Feb 6, 2026 Jan 27, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
CVE-2026-24881 2Gnupg Gpg4win 2Gnupg Gpg4win Feb 12, 2026 Jan 27, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be l...Show more In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.Show less
CVE-2022-3515 2Gnupg Gpg4win 4Gnupg Gpg4winLibksba+1 more Apr 8, 2025 Jan 12, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to...Show more A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.Show less
CVE-2020-25125 2Gnupg Gpg4win 2Gnupg Gpg4win Nov 21, 2024 Sep 3, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflo...Show more GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.Show less
CVE-2009-3805 1Gpg4win 1Gpg4win Apr 23, 2026 Oct 27, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.
CVE-2006-6235 6Gnu Gpg4winRedhat+3 more 9Enterprise Linux Enterprise Linux DesktopFedora Core+6 more Apr 23, 2026 Dec 7, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a funct...Show more A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.Show less