CVE-2026-41989
Published 2026-04-23
CVE-2026-41989: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
Medium 6.7 (CVSS 3.1)
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnupg | libgcrypt | — | — |
| gnupg | libgcrypt | >= 1.11.0 < 1.11.3 | 1.11.3 |
| gnupg | libgcrypt | >= 1.12.0 < 1.12.2 | 1.12.2 |
| gnupg | libgcrypt | >= 1.8.8 < 1.10.4 | 1.10.4 |
| mozilla | thunderbird | — | — |
| ubuntu | libgcrypt20 | — | — |