{"id":"JLSEC-2026-497","summary":"Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds...","details":"Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.","modified":"2026-05-14T02:47:54.627975959Z","published":"2026-05-14T02:21:35.919Z","upstream":["CVE-2026-41990","EUVD-2026-25193","GHSA-78pv-qq8x-94px"],"database_specific":{"sources":[{"id":"CVE-2026-41990","imported":"2026-05-14T00:51:22.666Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41990","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-41990","published":"2026-04-23T05:16:05.897Z","database_specific":{"status":"Analyzed"},"modified":"2026-04-27T18:33:27.050Z"},{"modified":"2026-04-23T06:30:28Z","imported":"2026-05-14T00:51:26.195Z","html_url":"https://github.com/advisories/GHSA-78pv-qq8x-94px","id":"GHSA-78pv-qq8x-94px","url":"https://api.github.com/advisories/GHSA-78pv-qq8x-94px","published":"2026-04-23T06:30:22Z"},{"modified":"2026-04-23T16:22:42Z","imported":"2026-05-14T00:51:24.366Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-25193","id":"EUVD-2026-25193","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-25193","published":"2026-04-23T04:39:04Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://dev.gnupg.org/T8208"},{"type":"WEB","url":"https://github.com/advisories/GHSA-78pv-qq8x-94px"},{"type":"WEB","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41990"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/21/1"}],"affected":[{"package":{"name":"Libgcrypt_jll","ecosystem":"Julia","purl":"pkg:julia/Libgcrypt_jll?uuid=d4300ac3-e22c-5743-9152-c294e39db1e4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.12.0+0"},{"fixed":"1.12.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-497.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}