Description
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
Published: 2026-04-23
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service and heap‑based buffer overflow
Action: Apply Patch
AI Analysis

Impact

A crafted ECDH ciphertext can cause Libgcrypt to overflow a heap buffer during decryption, which may crash the process and deny service. The vulnerability is rooted in improper handling of ciphertext size and memory allocation, as reflected by the CWE identifiers for buffer over‑read and overflow.

Affected Systems

The flaw exists in all releases of Libgcrypt older than 1.12.2. Any system that incorporates Libgcrypt before that version—such as GnuPG and other cryptographic applications—may be affected unless the library has been upgraded or patched.

Risk and Exploitability

The CVSS score of 6.7 indicates a medium severity, while the EPSS score of less than 1% suggests that exploitation is currently unlikely. The vulnerability is not listed in CISA’s KEV catalog, reducing the likelihood of widespread attacks. However, the attack vector is inferred to require delivery of a crafted ciphertext to the library, meaning that any application or service that feeds external data into gcry_pk_decrypt is potentially at risk.

Generated by OpenCVE AI on April 28, 2026 at 07:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Libgcrypt to version 1.12.2 or later to remove the vulnerable code.
  • Apply any vendor‑issued security patches that address this overflow.
  • If a quick upgrade is not feasible, add application‑level input validation to reject ECDH ciphertexts that exceed the expected size range and isolate cryptographic operations in a restricted or sandboxed environment.

Generated by OpenCVE AI on April 28, 2026 at 07:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6294-1 libgcrypt20 security update
History

Sat, 25 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext
Weaknesses CWE-131
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 23 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
Description Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
First Time appeared Gnupg
Gnupg libgcrypt
Weaknesses CWE-787
CPEs cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Vendors & Products Gnupg
Gnupg libgcrypt
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

Gnupg Libgcrypt
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-23T16:22:47.896Z

Reserved: 2026-04-23T04:30:25.690Z

Link: CVE-2026-41989

cve-icon Vulnrichment

Updated: 2026-04-23T16:08:09.258Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T05:16:05.750

Modified: 2026-04-27T18:33:18.157

Link: CVE-2026-41989

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-23T04:30:26Z

Links: CVE-2026-41989 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T07:45:26Z

Weaknesses