pkg:Debian/gnupg2
35 total CVEsHIGH10MEDIUM6LOW2
✅ Check your installed version
All known vulnerabilities
- HIGH8.8CVE-2018-1000858GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled C…from 0, < 2.2.12-1
- from 0, < 2.0.14-2
- from 0, < 2.0.9-3.1+lenny1
- HIGH7.8CVE-2026-24882In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and…from 0
- HIGH7.5CVE-2019-14855A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.from 0, < 2.2.19-1
- from 0, < 2.2.8-1
- from 0, < 2.0.26-6+deb8u2
- HIGH7.5CVE-2018-9234GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in…from 0, < 2.2.7-1
- from 0, < 2.2.27-2+deb11u3
- from 0, < 2.2.27-2+deb11u3
- from 0, < 2.2.12-1+deb10u2
- from 0, < 2.2.27-2+deb11u2
- MEDIUM5.5CVE-2015-1607kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which…from 0, < 2.0.26-5
- MEDIUM5.5CVE-2015-1606The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (…from 0, < 2.0.26-5
- MEDIUM4.7CVE-2025-68972In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that place…from 0
- MEDIUM4.7CVE-2025-30258In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has in…from 0
- LOW3.7CVE-2026-24883In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leadi…from 0
- LOW3.3CVE-2022-3219GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compres…from 0
- from 0, < 2.0.24-1
- from 0, < 2.0.14-2+squeeze2
- from 0, < 2.0.19-2+deb7u2
- —CVE-2013-4402The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (inf…from 0, < 2.0.22-1
- from 0, < 2.0.22-1
- from 0, < 2.0.14-2+squeeze2
- from 0, < 2.0.19-2
- from 0, < 2.0.14-2+squeeze1
- —CVE-2008-1530GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted du…from 0, < 2.0.9-1
- from 0, < 2.0.3-1
- —CVE-2006-6235A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute a…from 0, < 2.0.0-5.2
- from 0, < 2.0.0-5.1
- from 0, < 1.9.15-6sarge2
- from 0, < 1.9.20-2
- from 0, < 1.9.20-1.1
- from 0, < 1.9.15-6sarge1
- —CVE-2005-2023The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent p…from 0, < 1.9.15-1