Gpg4win
Monthly
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). [CVSS 3.7 LOW]
Stack-based buffer overflow in GnuPG's tpm2daemon component allows local attackers to achieve full system compromise through specially crafted PKDECRYPT commands targeting TPM-backed RSA and ECC keys. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and impacts users of GnuPG, Gpg4win, and Stack Overflow integrations. No patch is currently available, leaving systems vulnerable to local privilege escalation and arbitrary code execution.
GnuPG's gpg-agent fails to properly validate session key sizes in S/MIME messages, allowing remote attackers to trigger a stack buffer overflow via oversized CMS EnvelopedData payloads. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and can be weaponized for denial of service or potentially remote code execution. No patch is currently available.
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). [CVSS 3.7 LOW]
Stack-based buffer overflow in GnuPG's tpm2daemon component allows local attackers to achieve full system compromise through specially crafted PKDECRYPT commands targeting TPM-backed RSA and ECC keys. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and impacts users of GnuPG, Gpg4win, and Stack Overflow integrations. No patch is currently available, leaving systems vulnerable to local privilege escalation and arbitrary code execution.
GnuPG's gpg-agent fails to properly validate session key sizes in S/MIME messages, allowing remote attackers to trigger a stack buffer overflow via oversized CMS EnvelopedData payloads. Public exploit code exists for this vulnerability, which affects GnuPG versions before 2.5.17 and can be weaponized for denial of service or potentially remote code execution. No patch is currently available.