Gnupg Libgcrypt
9 CVEs affecting Gnupg Libgcrypt. Latest disclosed: 2026-04-23. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-0379 | High | 7.5 | 2017-08-29 | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cip… |
CVE-2026-41989 | Medium | 6.7 | 2026-04-23 | Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt. |
CVE-2017-7526 | Medium | 6.1 | 2018-07-26 | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method fo… |
CVE-2017-9526 | Medium | 5.9 | 2017-06-11 | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-… |
CVE-2016-6313 | Medium | 5.3 | 2016-12-13 | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easie… |
CVE-2026-41990 | Medium | 4.0 | 2026-04-23 | Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data. |
CVE-2015-7511 | Low | 2.0 | 2016-04-19 | Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attacker… |
CVE-2014-5270 | | 2014-10-10 | Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it ea… | |
CVE-2013-4242 | | 2013-08-19 | GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache s… |