Description
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
Published: 2026-01-27
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

In GnuPG versions before 2.5.17 a crafted signature packet with an excessively long length can be parsed successfully while the internal data structure receives a NULL assignment. When subsequent operations access the data, the application crashes, causing a denial of service. The weakness is a NULL pointer dereference as identified by CWE‑476.

Affected Systems

Vendor: GnuPG. Product: GnuPG. Versions affected are all releases prior to 2.5.17, including the libraries bundled in GPG4Win deployments.

Risk and Exploitability

The CVSS score is 3.7, indicating a moderate impact level when the vulnerability is exercised. The EPSS score is below 1 %, suggesting a very low probability of exploitation in the wild at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Likely exploitation requires an attacker to provide an adversarial signature packet to a system running GnuPG, which then crashes the application. The attack vector is inferred from the nature of the bug; no public exploitation is reported.

Generated by OpenCVE AI on April 18, 2026 at 01:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GnuPG to version 2.5.17 or later.
  • If an immediate upgrade is not feasible, avoid processing untrusted signature packets by restricting source or using hardened verification processes.
  • Monitor application logs for crashes or abnormal termination to detect potential exploitation attempts.

Generated by OpenCVE AI on April 18, 2026 at 01:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Gpg4win
Gpg4win gpg4win
CPEs cpe:2.3:a:gnupg:gnupg:*:*:*:*:-:*:*:*
cpe:2.3:a:gpg4win:gpg4win:*:*:*:*:*:*:*:*
Vendors & Products Gpg4win
Gpg4win gpg4win

Wed, 28 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnupg
Gnupg gnupg
Vendors & Products Gnupg
Gnupg gnupg

Wed, 28 Jan 2026 12:15:00 +0000

Type Values Removed Values Added
Title GnuPG: GnuPG: Denial of service due to specially crafted signature packet
References
Metrics threat_severity

None

 threat_severity

Low

Tue, 27 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 19:00:00 +0000

Type Values Removed Values Added
Description In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Gnupg Gnupg
Gpg4win Gpg4win
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-01-28T15:52:11.076Z

Reserved: 2026-01-27T18:43:18.620Z

Link: CVE-2026-24883

cve-icon Vulnrichment

Updated: 2026-01-27T20:02:29.427Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T19:16:16.823

Modified: 2026-02-06T18:06:07.760

Link: CVE-2026-24883

cve-icon Redhat

Severity : Low

Publid Date: 2026-01-27T18:43:18Z

Links: CVE-2026-24883 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:00:10Z

Weaknesses