CNNVD-202601-4460 Information
Jan 27, 2026
CNNVD ID
CNNVD-202601-4460
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
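GnuPG is an open-source encryption software suite from the GNU community in the United States, released under the GNU General Public License. The software supports public-key encryption, symmetric encryption, hashing, and other algorithms. GnuPG versions before 2.5.17 contain a code issue vulnerability: an overly long signature packet length can cause parse_signature to return success while sig->data[] is set to a NULL value, which may lead to denial of service.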
Description (English)
GnuPG is open-source encryption software from the GNU community in the United States, licensed under the GNU General Public License. It supports public-key encryption, symmetric encryption, hashing, and other algorithms. GnuPG versions before 2.5.17 have a code issue vulnerability: an excessive signature packet length can cause parse_signature to return success with sig->data[] set to NULL, which can lead to denial of service.
Hazard Level
Critical
Vulnerability Type
Code issue
Affected Vendor
GNU
Published
2026-01-27
Last Modified
2026-02-24
References
https://dev.gnupg.org/T8049
https://www.openwall.com/lists/oss-security/2026/01/27/8