CVE-2026-41989

Summary

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

Affected Software

VendorProductVersion RangeStatus
gnupgLibgcrypt1.8.8 < 1.10.4affected
gnupgLibgcrypt1.11.0 < 1.11.3affected
gnupgLibgcrypt1.12.0 < 1.12.2affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References