Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

Published

2026-01-27T19:16:16.823

Last Modified

2026-02-06T18:06:07.760

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses

Type: Secondary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnupg	gnupg	< 2.5.17	Yes
Application	gpg4win	gpg4win	< 5.0.1	Yes

References

https://dev.gnupg.org/T8049 Patch, Product ([email protected])
https://www.openwall.com/lists/oss-security/2026/01/27/8 Mailing List, Third Party Advisory ([email protected])