Skip to main content

Libgcrypt CVE-2026-41989

| EUVDEUVD-2026-25192 MEDIUM
Out-of-bounds Write (CWE-787)
2026-04-23 mitre GHSA-wrv8-79m2-qg24
6.7
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.7 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
SUSE
MEDIUM
qualitative
Red Hat
7.5 MEDIUM
qualitative

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

6
Patch released
Apr 27, 2026 - 18:33 nvd
Patch available
Analysis Generated
Apr 23, 2026 - 07:08 vuln.today
Patch available
Apr 23, 2026 - 06:16 EUVD
EUVD ID Assigned
Apr 23, 2026 - 05:00 euvd
EUVD-2026-25192
Analysis Generated
Apr 23, 2026 - 05:00 vuln.today
CVE Published
Apr 23, 2026 - 04:30 nvd
MEDIUM 6.7

DescriptionCVE.org

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

AnalysisAI

Heap-based buffer overflow in Libgcrypt before 1.12.2 allows local attackers to trigger denial of service and corrupt memory via crafted ECDH ciphertext passed to gcry_pk_decrypt, affecting cryptographic operations in dependent applications including GnuPG. No public exploit code or active exploitation has been identified at time of analysis; vendor has released patched versions 1.10.4, 1.11.3, and 1.12.2 to resolve the vulnerability.

Technical ContextAI

Libgcrypt is the cryptographic library underlying GnuPG and other security-critical applications. The vulnerability resides in the elliptic-curve Diffie-Hellman (ECDH) decryption handler (gcry_pk_decrypt function), which fails to properly validate the bounds of ciphertext input before copying decrypted data into a heap-allocated buffer. This is a classic write-what-where condition classified as CWE-787 (Out-of-bounds Write). The flaw allows an attacker to craft malformed ECDH ciphertext that, when decrypted, writes beyond the intended buffer boundary, corrupting adjacent heap structures and potentially achieving code execution or controlled denial of service.

RemediationAI

Immediate remediation: upgrade Libgcrypt to version 1.10.4, 1.11.3, or 1.12.2 or later, depending on your current branch. Users of GnuPG and other dependent projects should update those packages to versions that include the patched Libgcrypt. For systems unable to patch immediately, disable ECDH key exchange if alternative key-agreement mechanisms are available, though this may impact interoperability. Apply strict input validation at the application layer: reject ECDH ciphertexts from untrusted sources or validate ciphertext format before passing to gcry_pk_decrypt. Monitor heap corruption indicators (crashes, segfaults, memory errors) in dependent applications as a sign of exploitation attempts. Patch availability confirmed via https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html.

CVE-2018-6829 HIGH POC
7.5 Feb 07

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, whic

CVE-2021-40528 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two c

CVE-2018-0495 MEDIUM POC
4.7 Jun 13

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be

CVE-2017-0379 HIGH
7.5 Aug 29

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers t

CVE-2021-3345 HIGH
7.8 Jan 29

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest

CVE-2021-33560 HIGH
7.5 Jun 08

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to addres

CVE-2017-9526 MEDIUM
5.9 Jun 11

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signin

CVE-2016-6313 MEDIUM
5.3 Dec 13

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.

CVE-2019-12904 MEDIUM
5.9 Jun 20

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical

CVE-2014-5270 LOW
2.1 Oct 10

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciph

CVE-2015-7511 LOW
2.0 Apr 19

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it e

CVE-2013-4242 LOW
1.9 Aug 19

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users t

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed
SLES15-SP6-CHOST-BYOS-Azure Fixed
SLES15-SP6-CHOST-BYOS-EC2 Fixed

Share

CVE-2026-41989 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy