CNNVD-202601-4464 Information

CNNVD ID

CNNVD-202601-4464

CVE-2026-24882

  • CNNVD Published: 2026-01-27

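Description (translated from Chinese)

GnuPG is an open-source encryption software suite from the GNU community in the United States, released under the GNU General Public License. The software supports public-key encryption, symmetric encryption, hashing and other algorithms. GnuPG versions before 2.5.17 contain a security vulnerability caused by a stack-based buffer overflow in tpm2daemon when it handles the PKDECRYPT command for TPM-backed RSA and ECC keys.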

Description (English)

GnuPG is open-source encryption software from the GNU community in the United States, released under the GNU General Public License. The software supports public-key encryption, symmetric encryption, hashing and other algorithms. GnuPG versions before 2.5.17 contain a security vulnerability: a stack-based buffer overflow in tpm2daemon when it handles the PKDECRYPT command for TPM-backed RSA and ECC keys.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

GNU

Published

2026-01-27

Last Modified

2026-02-24

References

https://dev.gnupg.org/T8045

https://www.openwall.com/lists/oss-security/2026/01/27/8

Patch

https://gnupg.org/
