CVE-2026-41989

Name: CVE-2026-41989
Description: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| cve@mitre.org | https://dev.gnupg.org/T8211 |
| cve@mitre.org | https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2026/04/21/1 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:* | libgcrypt | >= 1.8.8 | < 1.10.4 |
| cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:* | libgcrypt | >= 1.11.0 | < 1.11.3 |
| cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:* | libgcrypt | >= 1.12.0 | < 1.12.2 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| libgcrypt | edge-main | 1.12.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | edge-main | 1.11.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | edge-main | 1.10.3-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | edge-main | 1.9.4-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | 3.23-main | 1.11.2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | 3.22-main | 1.10.3-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | 3.22-main | 1.9.4-r0 | None | possibly vulnerable |
| libgcrypt | 3.21-main | 1.10.3-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | 3.21-main | 1.9.4-r0 | None | possibly vulnerable |
| libgcrypt | 3.20-main | 1.10.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | 3.20-main | 1.9.4-r0 | None | possibly vulnerable |
| libgcrypt | 3.19-main | 1.10.3-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| libgcrypt | 3.19-main | 1.9.4-r0 | None | possibly vulnerable |