{"id":"CVE-2026-41989","details":"Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.","modified":"2026-05-28T04:11:55.839513838Z","published":"2026-04-23T04:30:26.124Z","database_specific":{"cna_assigner":"mitre","cwe_ids":["CWE-787"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41989.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"1.8.8"},{"fixed":"1.10.4"},{"introduced":"1.11.0"},{"fixed":"1.11.3"},{"introduced":"1.12.0"},{"fixed":"1.12.2"}]},{"source":"CPE_FIELD","extracted_events":[{"introduced":"1.8.8"},{"fixed":"1.10.4"},{"introduced":"1.11.0"},{"fixed":"1.11.3"},{"introduced":"1.12.0"},{"fixed":"1.12.2"}]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"1.12.2"}]}]},"references":[{"type":"WEB","url":"https://dev.gnupg.org/T8211"},{"type":"WEB","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/21/1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41989.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41989"}],"affected":[{"ranges":[{"type":"GIT","repo":"git://git.gnupg.org/libgcrypt.git","events":[{"introduced":"d3d4803ca1b1d50fdb0c8fa2891c75e0229ff25f"},{"fixed":"d365a41094571f2cce18f27b53ffdceb540f77bb"},{"introduced":"9d94d7846cde272b8b1519ba96e53967bf0b90d2"},{"fixed":"089ff0edf61ba829714a568778087eeac5b0df82"},{"introduced":"efd5e1e7b4e7861b53eafdbf197fd6d4ff6f45e1"},{"fixed":"efc346430901b84f1f580a147191624d7ded0db6"}],"database_specific":{"cpe":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"1.8.8"},{"fixed":"1.10.4"},{"introduced":"1.11.0"},{"fixed":"1.11.3"},{"introduced":"1.12.0"},{"fixed":"1.12.2"}]}}],"versions":["libgcrypt-1.12.1","libgcrypt-1.12.0","libgcrypt-1.11.2","libgcrypt-1.11.1","libgcrypt-1.11.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41989.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/gpg/libgcrypt","events":[{"introduced":"d3d4803ca1b1d50fdb0c8fa2891c75e0229ff25f"},{"fixed":"d365a41094571f2cce18f27b53ffdceb540f77bb"},{"introduced":"9d94d7846cde272b8b1519ba96e53967bf0b90d2"},{"fixed":"089ff0edf61ba829714a568778087eeac5b0df82"},{"introduced":"efd5e1e7b4e7861b53eafdbf197fd6d4ff6f45e1"},{"fixed":"efc346430901b84f1f580a147191624d7ded0db6"}],"database_specific":{"cpe":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"1.8.8"},{"fixed":"1.10.4"},{"introduced":"1.11.0"},{"fixed":"1.11.3"},{"introduced":"1.12.0"},{"fixed":"1.12.2"}]}}],"versions":["libgcrypt-1.12.1","libgcrypt-1.12.0","libgcrypt-1.11.2","libgcrypt-1.11.1","libgcrypt-1.11.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41989.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}