Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-24882

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 2 weeks ago

In GnuPG before 2.5.17, a stack-based buffer overflow exists in …

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

References

Affected products

GnuPG

<2.5.17

Matching in nixpkgs

pkgs.gnupg24

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.pam_gnupg

Unlock GnuPG keys on login

nixos-unstable 0.4
- nixpkgs-unstable 0.4
- nixos-unstable-small 0.4
nixos-25.11 0.4
- nixpkgs-25.11-darwin 0.4

pkgs.gnupg1compat

Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation with symbolic links for gpg and gpgv

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.8
- nixpkgs-25.11-darwin 2.4.8

pkgs.gnupg-pkcs11-scd

Smart-card daemon to enable the use of PKCS#11 tokens with GnuPG

nixos-unstable pkcs11-scd-0.11.0
- nixpkgs-unstable pkcs11-scd-0.11.0
- nixos-unstable-small pkcs11-scd-0.11.0
nixos-25.11 pkcs11-scd-0.11.0
- nixpkgs-25.11-darwin pkcs11-scd-0.11.0

pkgs.phpExtensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-25.11 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php81Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.3
- nixpkgs-unstable 1.5.3
- nixos-unstable-small 1.5.3

pkgs.php82Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.3
- nixpkgs-unstable 1.5.3
- nixos-unstable-small 1.5.3
nixos-25.11 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php83Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.3
- nixpkgs-unstable 1.5.3
- nixos-unstable-small 1.5.3
nixos-25.11 1.5.4
- nixpkgs-25.11-darwin 1.5.4

pkgs.php84Extensions.gnupg

PHP wrapper for GpgME library that provides access to GnuPG

nixos-unstable 1.5.3
- nixpkgs-unstable 1.5.3
- nixos-unstable-small 1.5.3

pkgs.sequoia-chameleon-gnupg

Sequoia's reimplementation of the GnuPG interface

nixos-unstable 0.13.1
- nixpkgs-unstable 0.13.1
- nixos-unstable-small 0.13.1
nixos-25.11 0.13.1
- nixpkgs-25.11-darwin 0.13.1

pkgs.perlPackages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03
nixos-25.11 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.perl538Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03
nixos-25.11 1.03
- nixpkgs-25.11-darwin 1.03

pkgs.perl540Packages.GnuPGInterface

Supply object methods for interacting with GnuPG

nixos-unstable 1.03
- nixpkgs-unstable 1.03
- nixos-unstable-small 1.03

pkgs.python312Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4
nixos-25.11 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.python313Packages.python-gnupg

API for the GNU Privacy Guard (GnuPG)

nixos-unstable 0.5.4
- nixpkgs-unstable 0.5.4
- nixos-unstable-small 0.5.4
nixos-25.11 0.5.5
- nixpkgs-25.11-darwin 0.5.5

Package maintainers

@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@stigtsp Stig Palmquist <stig@stig.io>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@philandstuff Philip Potter <philip.g.potter@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
@taikx4 taikx4 <taikx4@taikx4szlaj2rsdupcwabg35inbny4jk322ngeb7qwbbhd5i55nf5yyd.onion>
@aanderse Aaron Andersen <aaron@fosslib.net>
@NickCao Nick Cao <nickcao@nichi.co>