IM
IronMonkey Threat Research

CVE-2026-41989 MEDIUM

Published: 2026-04-23 | Last Modified: 2026-07-14 | Status: Modified

Description

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

CVSS Metrics

Base Score: 6.7 (MEDIUM)

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 1.4

Impact Score: 5.2

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-787

Affected Products

Vendor Product Version Update Type
gnupg libgcrypt * <built-in method update of dict object at 0x702bdd6adcc0> Application
gnupg libgcrypt * <built-in method update of dict object at 0x702bdd6a42c0> Application
gnupg libgcrypt * <built-in method update of dict object at 0x702bdd6ac280> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Notification
Message here