DEBIAN-CVE-2026-24883
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-24883
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-24883.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-24883
- Upstream
- Withdrawn
- 2026-01-30T20:18:55.571485Z
- Published
- 2026-01-27T19:16:16.823Z
- Modified
- 2026-01-30T20:18:55.571485Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
- References
Affected packages
Debian:11 / gnupg2
Package
- Name
- gnupg2
- Purl
- pkg:deb/debian/gnupg2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.2.27-2
2.2.27-2+deb11u1
2.2.27-2+deb11u2
2.2.27-2+deb11u3
2.2.27-3
2.2.34-1
2.2.35-1
2.2.35-2
2.2.35-3
2.2.39-1
2.2.40-1
2.2.40-1+hurd.1
2.2.40-1.1
2.2.40-1.1+hurd.1
2.2.40-1.1+loong64
2.2.40-2
2.2.40-3
2.2.43-1
2.2.43-2
2.2.43-3
2.2.43-4
2.2.43-5
2.2.43-6
2.2.43-7
2.2.43-8
2.2.44-1
2.2.45-1
2.2.45-2
2.2.45-3
2.2.46~pre1-1
2.2.46-1
2.2.46-2
2.2.46-3
2.2.46-4
2.2.46-5
2.2.46-6
2.3.1-1
2.4.3-2
2.4.4-1
2.4.4-2
2.4.4-3
2.4.4-4
2.4.5-1
2.4.5-2
2.4.5-3
2.4.6-1
2.4.7-1
2.4.7-2
2.4.7-3
2.4.7-4
2.4.7-5
2.4.7-6
2.4.7-7
2.4.7-8
2.4.7-9
2.4.7-10
2.4.7-11
2.4.7-12
2.4.7-13
2.4.7-14
2.4.7-15
2.4.7-16
2.4.7-17
2.4.7-18
2.4.7-19
2.4.7-20
2.4.7-21
2.4.8-1
2.4.8-2
2.4.8-3
2.4.8-4
2.4.8-5
2.4.8-6
2.4.9-1
Debian:12 / gnupg2
Package
- Name
- gnupg2
- Purl
- pkg:deb/debian/gnupg2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.2.40-1.1
2.2.40-1.1+deb12u1
2.2.40-1.1+deb12u2
2.2.40-1.1+hurd.1
2.2.40-1.1+loong64
2.2.40-2
2.2.40-3
2.2.43-1
2.2.43-2
2.2.43-3
2.2.43-4
2.2.43-5
2.2.43-6
2.2.43-7
2.2.43-8
2.2.44-1
2.2.45-1
2.2.45-2
2.2.45-3
2.2.46~pre1-1
2.2.46-1
2.2.46-2
2.2.46-3
2.2.46-4
2.2.46-5
2.2.46-6
2.3.1-1
2.4.3-2
2.4.4-1
2.4.4-2
2.4.4-3
2.4.4-4
2.4.5-1
2.4.5-2
2.4.5-3
2.4.6-1
2.4.7-1
2.4.7-2
2.4.7-3
2.4.7-4
2.4.7-5
2.4.7-6
2.4.7-7
2.4.7-8
2.4.7-9
2.4.7-10
2.4.7-11
2.4.7-12
2.4.7-13
2.4.7-14
2.4.7-15
2.4.7-16
2.4.7-17
2.4.7-18
2.4.7-19
2.4.7-20
2.4.7-21
2.4.8-1
2.4.8-2
2.4.8-3
2.4.8-4
2.4.8-5
2.4.8-6
2.4.9-1
Debian:13 / gnupg2
Package
- Name
- gnupg2
- Purl
- pkg:deb/debian/gnupg2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / gnupg2
Package
- Name
- gnupg2
- Purl
- pkg:deb/debian/gnupg2?arch=source