threat
engine
.sh
Back
·
··:··
Home
/
Product
/
gnupg
Product
gnupg
55 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-41990
>= 1.12.0 and < 1.12.2
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-control
4.0
MEDIUM
CVE-2026-41989
>= 1.8.8 and < 1.10.4
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk
6.7
MEDIUM
CVE-2026-24883
>= 2.5.13 and < 2.5.17
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig-data[] set to a NULL valu
3.7
LOW
CVE-2026-24882
>= 2.5.13 and < 2.5.17
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed
8.4
HIGH
CVE-2026-24881
>= 2.5.13 and < 2.5.17
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-b
8.1
HIGH
CVE-2025-68973
<= 2.4.8
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an ou
7.8
HIGH
CVE-2025-68972
<= 2.4.8
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message t
5.9
MEDIUM
CVE-2025-30258
< 2.4.8
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or th
2.7
LOW
CVE-2022-3219
all versions
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached
3.3
LOW
CVE-2022-3515
>= 2.3.0 and < 2.4.0
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploi
9.8
CRITICAL
CVE-2022-47629
< 1.6.3
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
9.8
CRITICAL
CVE-2022-34903
<= 2.3.6
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and othe
6.5
MEDIUM
CVE-2021-40528
< 1.9.4
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptograph
5.9
MEDIUM
CVE-2021-33560
< 1.8.8
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-c
7.5
HIGH
CVE-2021-3345
all versions
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final fun
7.8
HIGH
CVE-2020-25125
all versions
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when
7.8
HIGH
CVE-2019-14855
< 2.2.18
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker coul
7.5
HIGH
CVE-2015-0837
< 1.4.19
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by levera
5.9
MEDIUM
CVE-2014-3591
< 1.4.19
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physica
4.2
MEDIUM
CVE-2011-2207
< 2.1.0
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via
5.3
MEDIUM
CVE-2015-1607
< 1.4.19
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shif
5.5
MEDIUM
CVE-2015-1606
< 2.1.2
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of
5.5
MEDIUM
CVE-2019-13050
<= 2.2.16
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to
7.5
HIGH
CVE-2019-12904
all versions
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses
5.9
MEDIUM
CVE-2018-1000858
>= 2.1.12 and <= 2.2.11
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker con
8.8
HIGH
CVE-2017-7526
< 1.7.8
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while usin
6.1
MEDIUM
CVE-2018-0495
< 1.7.10
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated
4.7
MEDIUM
CVE-2018-12020
< 2.2.8
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote
7.5
HIGH
CVE-2018-9234
all versions
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which re
7.5
HIGH
CVE-2018-6829
<= 1.8.2
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows a
7.5
HIGH
CVE-2017-0379
<= 1.8.0
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover
7.5
HIGH
CVE-2017-9526
<= 1.7.6
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process)
5.9
MEDIUM
CVE-2016-6313
<= 1.4.14
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuP
5.3
MEDIUM
CVE-2016-4579
<= 1.3.3
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors,
7.5
HIGH
CVE-2016-4574
<= 1.3.3
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cau
7.5
HIGH
CVE-2016-4356
<= 1.3.2
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of servi
7.5
HIGH
CVE-2016-4355
<= 1.3.2
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) vi
7.5
HIGH
CVE-2016-4354
<= 1.3.2
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of serv
7.5
HIGH
CVE-2016-4353
<= 1.3.2
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a d
7.5
HIGH
CVE-2015-7511
<= 1.6.4
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for
2.0
LOW
CVE-2014-9087
all versions
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a de
CVE-2014-5270
<= 1.5.3
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext ran
CVE-2014-4617
<= 1.4.16
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers t
CVE-2013-4576
<= 1.4.15
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, w
CVE-2013-4402
all versions
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of ser
CVE-2013-4351
all versions
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (a
CVE-2013-4242
<= 1.4.13
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain p
CVE-2012-6085
all versions
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote
CVE-2010-2547
>= 2.0.0 and <= 2.0.16
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial o
8.1
HIGH
CVE-2008-1530
all versions
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via c
CVE-2007-1263
<= 1.4.6
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned
CVE-2006-6169
all versions
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively,
CVE-2006-3746
all versions
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) v
CVE-2006-3082
<= 1.9.20
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg cr
CVE-2005-0366
< 1.4.1
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin