CVE-2026-41989
Heap-Based Buffer Overflow in Libgcrypt ECDH Decryption Causes DoS
Publication date: 2026-04-23
Last updated on: 2026-04-27
Assigner: MITRE
Description
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext passed to the gcry_pk_decrypt function. The flaw is a buffer overwrite with zeroes in the ECDH decryption path and affects the NIST, Brainpool, X448 and X25519 curves. It is fixed in Libgcrypt 1.12.2, 1.11.3 and 1.10.4. GnuPG 2.5.7 and later use a different encryption API and are not affected.
CVSS Scores
Impact metrics: Confidentiality None, Integrity High, Availability High.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnupg | libgcrypt | From 1.12.0 (inc) to 1.12.2 (exc) |
| gnupg | libgcrypt | From 1.11.0 (inc) to 1.11.3 (exc) |
| gnupg | libgcrypt | From 1.8.8 (inc) to 1.10.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41989 is a heap-based buffer overflow in Libgcrypt's ECDH decryption path. When gcry_pk_decrypt processes crafted ECDH ciphertext, the library can write zeroes past the end of a heap buffer (CWE-787); the resulting heap corruption typically crashes the calling process, which is the denial of service the advisory describes.
The affected code serves the NIST, Brainpool, X448 and X25519 curves, so any application that decrypts attacker-supplied ECDH ciphertext with a vulnerable Libgcrypt is exposed. Affected versions are 1.8.8 up to but not including 1.10.4, 1.11.0 up to but not including 1.11.3, and 1.12.0 up to but not including 1.12.2.
The fix shipped in Libgcrypt 1.12.2, 1.11.3 and 1.10.4. GnuPG 2.5.7 and later are not affected because they use a different encryption API; for earlier GnuPG releases the fix is to update Libgcrypt itself.
How can this vulnerability impact me?
An attacker who can get crafted ECDH ciphertext decrypted by a vulnerable Libgcrypt (for example, by sending an encrypted message to a service that decrypts it with gcry_pk_decrypt) can trigger the heap overflow and crash the process or leave it in an unpredictable state. The practical effect is loss of availability of whatever relies on that process.
The CVSS metrics rate confidentiality impact as None and integrity and availability impact as High: the overflow writes zeroes rather than attacker-controlled data, so there is no indication of data disclosure, but heap corruption is still memory corruption and should be treated as more than a clean crash.
GnuPG versions from 2.5.7 onward are not vulnerable because they use a different encryption API.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Libgcrypt to a fixed release: 1.12.2 or later on the 1.12 branch, 1.11.3 on the 1.11 branch, or 1.10.4 on the 1.10 branch. The 1.10 series is nearing end of life, so plan a move to a maintained branch rather than settling on 1.10.4. Restart every process that has the old library mapped, since a running process keeps using the old copy after the file on disk is replaced.
If you use GnuPG, 2.5.7 or later is not affected because it uses a different encryption API; earlier GnuPG releases are covered by updating Libgcrypt.
Obtain the release from the official GnuPG FTP server or its mirrors and verify its authenticity by checking the detached OpenPGP signature against the official GnuPG release signing keys. The SHA-1 checksums in the release announcement only detect a corrupted download, not a substituted one, since SHA-1 is no longer collision resistant; the signature is what establishes provenance.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of CVE-2026-41989 on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is an inventory question: find every copy of Libgcrypt on the host and compare its version with the fixed releases (1.12.2, 1.11.3, 1.10.4). The affected ranges are 1.8.8 to 1.10.3, 1.11.0 to 1.11.2 and 1.12.0 to 1.12.1, inclusive.
Commands for the installed version:
- `libgcrypt-config --version` (the script is named libgcrypt-config, not gcrypt-config) or `pkg-config --modversion libgcrypt`
- Debian/Ubuntu: `dpkg-query -W libgcrypt20`; RPM-based systems: `rpm -q libgcrypt`
- Applications that bundle or statically link Libgcrypt carry their own copy and must be checked separately.
A version below 1.12.2 is not automatically vulnerable: 1.11.3 and 1.10.4 are fixed, and distributions frequently backport the fix without changing the upstream version string, so confirm a hit against the distribution's security advisory or package changelog. There is no network signature for this bug; it is triggered by ciphertext handed to a library function, and the only observable symptom is a crash of a service that decrypts ECDH ciphertext, visible in its crash logs or core dumps.
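As an added example (not part of this advisory or of the Libgcrypt project), the following POSIX shell helper turns the version check above into a function: it classifies a version string against the three affected ranges from the table, with a best-effort lookup of the installed version via libgcrypt-config, pkg-config, dpkg or rpm, and a signature check for a downloaded tarball. The function and variable names are the example's own. Because distribution packages often backport the fix without bumping the upstream version string, an "affected" result from this check is a prompt to read the distribution advisory, not a final verdict.

```shell
#!/bin/sh
# Added example: classify a Libgcrypt version string against the affected
# ranges listed for CVE-2026-41989 (1.8.8 <= v < 1.10.4, 1.11.0 <= v < 1.11.3,
# 1.12.0 <= v < 1.12.2). Function and variable names are this example's own.
#
# Exit status of gcrypt_cve_2026_41989_status: 0 = in an affected range,
# 1 = outside every listed range (fixed, or older than 1.8.8), 2 = unparseable.

# Reduce "MAJOR.MINOR.PATCH" to one integer so ranges compare with plain shell
# arithmetic. A Debian epoch ("1:") and anything after "-" or "_" (packaging
# revision, "-beta") are dropped first; missing components count as 0.
version_key() {
    v=${1#*:}
    v=${v%%[-_]*}
    major=${v%%.*}
    rest=${v#*.}
    if [ "$rest" = "$v" ]; then
        minor=0; patch=0
    else
        minor=${rest%%.*}
        patch=${rest#*.}
        [ "$patch" = "$rest" ] && patch=0
    fi
    case "$major$minor$patch" in
        ""|*[!0-9]*) return 1 ;;
    esac
    echo $((major * 1000000 + minor * 1000 + patch))
}

# in_range KEY LO HI: true when LO <= KEY < HI (LO and HI as version strings).
in_range() {
    [ "$1" -ge "$(version_key "$2")" ] && [ "$1" -lt "$(version_key "$3")" ]
}

gcrypt_cve_2026_41989_status() {
    key=$(version_key "$1") || { echo "unparseable version: $1"; return 2; }
    if in_range "$key" 1.8.8 1.10.4 || in_range "$key" 1.11.0 1.11.3 \
       || in_range "$key" 1.12.0 1.12.2; then
        echo "$1: in an affected range for CVE-2026-41989 (confirm against distro advisory)"
        return 0
    fi
    echo "$1: outside the listed affected ranges"
    return 1
}

# Best-effort lookup of the installed upstream version string.
installed_gcrypt_version() {
    if command -v libgcrypt-config >/dev/null 2>&1; then
        libgcrypt-config --version
    elif command -v pkg-config >/dev/null 2>&1 && pkg-config --exists libgcrypt; then
        pkg-config --modversion libgcrypt
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' libgcrypt20
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' libgcrypt
    else
        return 1
    fi
}

# Authenticity check for a downloaded release: the detached OpenPGP signature
# (TARBALL.sig) must verify against GnuPG release signing keys already imported
# into the local keyring. A SHA-1 sum from the release announcement only
# detects a corrupted download, not a substituted one.
verify_gcrypt_tarball() {
    gpg --verify "$1.sig" "$1"
}

# Stand-alone use: sh check.sh VERSION (exit status as documented above).
[ $# -eq 0 ] || gcrypt_cve_2026_41989_status "$1"
```

To check the running host, source the file and run `gcrypt_cve_2026_41989_status "$(installed_gcrypt_version)"`; package version strings such as `1.10.1-3ubuntu1` or `1:1.11.0-2` are normalised before comparison.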
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack by triggering a heap-based buffer overflow during ECDH decryption operations.
An attacker could send crafted ECDH ciphertext that overwrites buffers with zeroes, potentially crashing the application or service using the vulnerable Libgcrypt versions.
This could lead to service interruptions or failures in systems relying on Libgcrypt for cryptographic operations, impacting availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version contains the fix for the critical buffer overwrite vulnerability in the ECDH implementation.
If you are using GnuPG, ensure you are running version 2.5.7 or later, as these versions use a different encryption API and are not vulnerable.
Additionally, verify the integrity and authenticity of the updated packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that sometimes allows a heap-based buffer overflow and denial of service (DoS) via specially crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext when using the gcry_pk_decrypt function.
This vulnerability affects ECDH implementations using several elliptic curves including NIST, Brainpool, X448, and X25519. The flaw can cause a buffer overwrite with zeroes during ECDH encryption operations, potentially leading to a denial-of-service condition.
The issue was fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4. Notably, GnuPG versions from 2.5.7 onward are not vulnerable because they use a different encryption API.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack by triggering a heap-based buffer overflow during ECDH decryption operations.
An attacker could send crafted ECDH ciphertext that causes the vulnerable software to overwrite memory buffers with zeroes, potentially crashing the application or causing it to behave unpredictably.
This could disrupt services relying on Libgcrypt for cryptographic operations, leading to downtime or degraded security functionality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version contains the fix for the heap-based buffer overflow and denial of service issue in the ECDH implementation.
If you are using GnuPG, ensure that your version is 2.5.7 or later, since these versions use a different encryption API and are not vulnerable.
Additionally, verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums using the official release signing keys.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that sometimes allows a heap-based buffer overflow and denial of service via crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the gcry_pk_decrypt function.
This vulnerability arises from a buffer overwrite with zeroes during ECDH encryption operations affecting implementations using NIST, Brainpool, X448, or X25519 curves.
Exploitation of this flaw can cause the affected software to crash or become unavailable, leading to denial-of-service conditions.
The issue was fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4.
How can this vulnerability impact me? :
This vulnerability can impact you by causing denial-of-service (DoS) attacks on systems using vulnerable versions of Libgcrypt.
An attacker can exploit the buffer overflow in the ECDH implementation to overwrite memory, leading to crashes or unavailability of cryptographic services.
Such disruptions can affect applications relying on Libgcrypt for secure communications or cryptographic operations, potentially causing service interruptions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version includes the fix for the buffer overflow and denial-of-service issue in the ECDH implementation.
If you are using GnuPG, ensure you are running version 2.5.7 or later, as these versions use a different encryption API and are not vulnerable.
Verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that sometimes allows a heap-based buffer overflow and denial of service (DoS) via crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the gcry_pk_decrypt function.
This vulnerability affects ECDH implementations using NIST, Brainpool, X448, or X25519 curves. An attacker can exploit this flaw by sending specially crafted ciphertext that causes a buffer overwrite with zeroes, leading to a denial-of-service condition.
The issue was fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4. Notably, GnuPG versions from 2.5.7 onward are not vulnerable because they use a different encryption API.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack on systems using vulnerable versions of Libgcrypt during ECDH encryption operations.
A successful attack could lead to application crashes or service interruptions, potentially affecting the availability of cryptographic services that rely on Libgcrypt's ECDH implementation.
Since the vulnerability does not impact confidentiality or integrity directly (CVSS indicates no confidentiality impact but high integrity and availability impact), the main risk is disruption rather than data compromise.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version contains the fix for the heap-based buffer overflow and denial of service issue in the ECDH implementation.
If you are using GnuPG, ensure you are running version 2.5.7 or later, as these versions use a different encryption API and are not vulnerable.
Verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that allows a heap-based buffer overflow and denial of service via specially crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the gcry_pk_decrypt function.
This vulnerability affects ECDH implementations using NIST, Brainpool, X448, or X25519 curves and can cause a buffer overwrite with zeroes during ECDH encryption operations.
The issue was fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack by triggering a heap-based buffer overflow in Libgcrypt's ECDH decryption process.
A successful attack could crash applications using vulnerable versions of Libgcrypt, potentially disrupting services or processes that rely on cryptographic operations.
However, there is no indication that confidentiality is compromised, as the CVSS score indicates no impact on confidentiality but high impact on integrity and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version includes the fix for the heap-based buffer overflow and denial of service issue in the ECDH implementation.
If you are using GnuPG, ensure that your version is 2.5.7 or later, since these versions use a different encryption API and are not vulnerable.
Verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that allows a heap-based buffer overflow and denial of service (DoS) via specially crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext when using the gcry_pk_decrypt function.
This vulnerability affects ECDH implementations using NIST, Brainpool, X448, or X25519 curves and can cause a buffer overwrite with zeroes, leading to a denial-of-service condition.
The issue was fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4, with GnuPG versions from 2.5.7 onward not vulnerable due to their use of a different encryption API.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that allows a heap-based buffer overflow and denial of service (DoS) attack. This occurs via specially crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext processed by the gcry_pk_decrypt function.
The vulnerability affects ECDH implementations using several elliptic curves including NIST, Brainpool, X448, and X25519. Exploiting this flaw can cause a buffer overwrite with zeroes, leading to a denial-of-service condition.
This issue was fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4. Notably, GnuPG versions from 2.5.7 onward are not vulnerable because they use a different encryption API.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack by triggering a heap-based buffer overflow during ECDH decryption operations.
A successful attack could crash or disrupt applications relying on vulnerable versions of Libgcrypt for cryptographic operations, potentially leading to service outages or interruptions.
Since the vulnerability does not impact confidentiality or integrity directly (CVSS indicates no confidentiality impact but high integrity and availability impacts), the primary risk is service disruption rather than data leakage.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version includes the fix for the critical buffer overwrite vulnerability in the ECDH implementation.
If you are using GnuPG, ensure you are running version 2.5.7 or later, as these versions use a different encryption API and are not vulnerable.
Additionally, verify the integrity and authenticity of the updated packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that sometimes allows a heap-based buffer overflow and denial of service via crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the gcry_pk_decrypt function.
This vulnerability arises from a buffer overwrite with zeroes during ECDH encryption operations affecting implementations using NIST, Brainpool, X448, or X25519 curves.
Exploitation of this bug can cause the affected software to crash or become unresponsive, leading to denial-of-service conditions.
The issue has been fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack by triggering a heap-based buffer overflow during ECDH decryption operations.
If your system or application uses vulnerable versions of Libgcrypt for cryptographic operations involving ECDH, an attacker could send specially crafted ciphertext to crash or disrupt your service.
Such disruptions could lead to service unavailability, impacting system reliability and potentially causing downtime.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version includes the fix for the heap-based buffer overflow and denial-of-service issue in the ECDH implementation.
If you are using GnuPG, ensure you are running version 2.5.7 or later, as these versions use a different encryption API and are not vulnerable.
Verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack by triggering a heap-based buffer overflow during ECDH decryption operations.
An attacker could send crafted ciphertext that overwrites memory with zeroes, potentially crashing the application or causing it to behave unpredictably.
This could disrupt services relying on Libgcrypt for cryptographic operations, leading to downtime or degraded security functionality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version includes the fix for the heap-based buffer overflow and denial of service vulnerability in the ECDH implementation.
If you are using GnuPG, ensure that your version is 2.5.7 or newer, as these versions use a different encryption API and are not vulnerable.
Verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums using the official release signing keys.
Can you explain this vulnerability to me?
CVE-2026-41989 is a security vulnerability in Libgcrypt versions before 1.12.2 that sometimes allows a heap-based buffer overflow and denial of service via crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the gcry_pk_decrypt function.
This vulnerability affects ECDH implementations using NIST, Brainpool, X448, or X25519 curves and can cause a buffer overwrite with zeroes during ECDH encryption operations, potentially leading to a denial-of-service (DoS) attack.
The issue was fixed in Libgcrypt versions 1.12.2, 1.11.3, and 1.10.4, with GnuPG versions from 2.5.7 onward not vulnerable due to their use of a different encryption API.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version includes the fix for the critical buffer overwrite vulnerability in the ECDH implementation.
If you are using GnuPG, ensure you are running version 2.5.7 or later, as these versions use a different encryption API and are not vulnerable.
Verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial-of-service (DoS) attack by triggering a heap-based buffer overflow during ECDH decryption operations.
An attacker could send specially crafted ECDH ciphertext that overwrites buffers with zeroes, potentially crashing the application or service using the vulnerable Libgcrypt versions.
This could disrupt services relying on cryptographic operations, leading to downtime or degraded availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-41989, you should upgrade Libgcrypt to version 1.12.2 or later, as this version includes the fix for the heap-based buffer overflow and denial of service issue in the ECDH implementation.
If you are using GnuPG, ensure you are running version 2.5.7 or later, as these versions use a different encryption API and are not vulnerable.
Verify the integrity and authenticity of the updated Libgcrypt packages by checking OpenPGP signatures or SHA-1 checksums against the official release signing keys.