{
  "threat_severity" : "Low",
  "public_date" : "2026-01-27T18:43:18Z",
  "bugzilla" : {
    "description" : "GnuPG: GnuPG: Denial of service due to specially crafted signature packet",
    "id" : "2433463",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2433463"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users." ],
  "statement" : "This LOW impact vulnerability in GnuPG allows a remote attacker to trigger a denial of service. By processing a specially crafted long signature packet, the GnuPG application can crash, rendering it unavailable. This affects Red Hat Enterprise Linux and other products utilizing GnuPG.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "gnupg2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "gnupg2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "gnupg2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "gnupg2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "gnupg2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-24883\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24883\nhttps://dev.gnupg.org/T8049\nhttps://www.openwall.com/lists/oss-security/2026/01/27/8" ],
  "name" : "CVE-2026-24883",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}