Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <87343rqa3o.fsf@gentoo.org>
Date: Tue, 27 Jan 2026 16:44:11 +0000
From: Sam James <sam@...too.org>
To: oss-security@...ts.openwall.com
Subject: GnuPG security release

GnuPG 2.5.17 has been released to fix a possible RCE:
* https://dev.gnupg.org/T8044 ("gpg-agent stack buffer overflow in pkdecrypt using KEM")

[Description for this one at the end, for the full quoted advisory.]

There's two other security-relevant bugs too:
* https://dev.gnupg.org/T8045 ("Stack-based buffer overflow in TPM2 `PKDECRYPT`")

> A stack-based buffer overflow exists in GnuPG’s tpm2daemon when handling
> the PKDECRYPT command for TPM-backed RSA and ECC keys. A local attacker
> who can access the daemon’s Assuan socket can send an oversized ciphertext
> and trigger memory corruption, resulting in a crash and potentially
> arbitrary code execution. When a user stores private keys inside a TPM,
> GnuPG runs a helper process called tpm2daemon to perform cryptographic
> operations on their behalf. Other GnuPG components communicate with this
> daemon over Assuan, a local IPC protocol. During a PKDECRYPT request,
> tpm2daemon copies the attacker-supplied ciphertext into fixed-size TPM
> work buffers without validating that the ciphertext fits. If the supplied
> ciphertext is larger than the TPM buffer, the copy operation writes past
> the end of the stack buffer and corrupts adjacent stack memory. This
> affects both supported TPM decrypt paths: RSA (tpm2_rsa_decrypt) and ECC
> (tpm2_ecc_decrypt). Because the overflow occurs on the stack and is
> attacker-controlled, it is potentially exploitable for code execution
> inside the tpm2daemon process.

* https://dev.gnupg.org/T8049 ("Null pointer dereference with overlong
signature packet")

> Overlong signature packet length causes parse_signature to return
> success with sig->data[] left NULL, leading to a crash in later
> consumers.

The advisory is at https://dev.gnupg.org/T7996#212268 (not yet on
gnupg-announce ML). Quoting that, which discusses the main bug (T8044):

> These versions are affected:
>
>    GnuPG 2.5.16 (released 2025-12-30)
>    GnuPG 2.5.15 (released 2025-12-29)
>    GnuPG 2.5.14 (released 2025-11-19)
>    GnuPG 2.5.13 (released 2025-10-22)
>    Gpg4win 5.0.0 (released 2026-01-14)
>    Gpg4win 5.0.0-beta479 (released 2026-01-02)
>    Gpg4win 5.0.0-beta476 (released 2025-12-22)
>    Gpg4win 5.0.0-beta395 (released 2025-10-22)
>
> All other versions are not affected.
>
> A crafted CMS (S/MIME) EnvelopedData message carrying an oversized
> wrapped session key can cause a stack buffer overflow in gpg-agent
> during the PKDECRYPT--kem=CMS handling. This can easily be used for a
> DoS but, worse, the memory corruption can very likley also be used to
> mount a remote code execution attack.
>
> A CVE-id has not been assigned. We track this bug as T8044 under
> https://dev.gnupg.org/T8044. This vulnerability was discovered by:
> OpenAI Security Research. Their report was received on 2026-01-18;
> fixed versions released 2026-01-27.
>
> Solution:
>
> If an affected GnuPG version is used please update ASAP to the new
> version 2.5.17.
>
> If an affected version of Gpg4win is used please update ASAP to the new
> version 5.0.1.
>
> If an immediate update is not possible please remove the gpgsm or
> gpgsm.exe binary, this way the the bug can't be remotely triggered.

sam

Download attachment "signature.asc" of type "application/pgp-signature" (419 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.