CVE Catalog

CVE-2026-41989

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A vulnerability in Libgcrypt before version 1.12.2 allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext passed to gcry_pk_decrypt.

Risk Assessment

An attacker can remotely crash an application using Libgcrypt, leading to service disruption (DoS).

Recommendation

Immediately update Libgcrypt to version 1.12.2 or later.

Original NVD description (English source)

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS