{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-24882", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-01-27T18:40:17.903Z", "datePublished": "2026-01-27T18:40:18.166Z", "dateUpdated": "2026-01-28T15:45:56.231Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GnuPG", "vendor": "GnuPG", "versions": [{"lessThan": "2.5.17", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-28T15:45:56.231Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"}, {"url": "https://dev.gnupg.org/T8045"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.5.17"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T20:07:25.362188Z", "id": "CVE-2026-24882", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:07:38.876Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24882", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T20:07:25.362188Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:07:30.587Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GnuPG", "product": "GnuPG", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.17", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"}, {"url": "https://dev.gnupg.org/T8045"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.5.17"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-28T15:45:56.231Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24882", "state": "PUBLISHED", "dateUpdated": "2026-01-28T15:45:56.231Z", "dateReserved": "2026-01-27T18:40:17.903Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-01-27T18:40:18.166Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys."}], "id": "CVE-2026-24882", "lastModified": "2026-01-27T19:16:16.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-01-27T19:16:16.670", "references": [{"source": "cve@mitre.org", "url": "https://dev.gnupg.org/T8045"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution", "id": "2433464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433464"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["A flaw was found in GnuPG. This vulnerability, a stack-based buffer overflow, occurs in the `tpm2daemon` component when processing PKDECRYPT commands for cryptographic keys secured by a Trusted Platform Module (TPM). A local attacker could exploit this to execute unauthorized code, potentially gaining full control of the system, or disrupt its operation, leading to a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-24882", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-27T18:40:18Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24882\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24882\nhttps://dev.gnupg.org/T8045\nhttps://www.openwall.com/lists/oss-security/2026/01/27/8"], "statement": "This is an IMPORTANT vulnerability in GnuPG's tpm2daemon, affecting systems configured to use TPM-backed RSA and ECC keys. A stack-based buffer overflow can occur when processing PKDECRYPT commands, potentially leading to denial of service or arbitrary code execution. Red Hat Enterprise Linux and Fedora systems are impacted if utilizing TPM-backed keys with GnuPG.", "threat_severity": "Important"}

{"created": "2026-01-28T12:22:03.244324+00:00", "updated": "2026-01-28T12:22:03.244357+00:00", "vendors": ["gnupg", "gnupg$PRODUCT$gnupg"]}