{"id":"USN-8319-1","summary":"libgcrypt20 vulnerabilities","details":"It was discovered that Libgcrypt incorrectly handled crafted ECDH\nciphertext. An attacker could possibly use this issue to cause Libgcrypt to\ncrash, resulting in a denial of service. (CVE-2026-41989)\n\nIt was discovered that Libgcrypt incorrectly handled Dilithium signing. An\nattacker could possibly use this issue to cause Libgcrypt to crash,\nresulting in a denial of service. This issue only affected Ubuntu 26.04\nLTS. (CVE-2026-41990)","modified":"2026-05-27T15:47:45.571912893Z","published":"2026-05-27T12:32:26Z","related":["UBUNTU-CVE-2026-41989","UBUNTU-CVE-2026-41990"],"upstream":["CVE-2026-41989","CVE-2026-41990","UBUNTU-CVE-2026-41989","UBUNTU-CVE-2026-41990"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8319-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41989"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41990"}],"affected":[{"package":{"name":"libgcrypt20","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/libgcrypt20?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.4-3ubuntu3.2"}]}],"versions":["1.8.7-5ubuntu2","1.9.4-3ubuntu2","1.9.4-3ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.9.4-3ubuntu3.2","binary_name":"libgcrypt20"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8319-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41989"}]}}},{"package":{"name":"libgcrypt20","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/libgcrypt20?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.10.3-2ubuntu0.1"}]}],"versions":["1.10.2-3ubuntu1","1.10.3-2","1.10.3-2build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.10.3-2ubuntu0.1","binary_name":"libgcrypt20"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8319-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41989"}]}}},{"package":{"name":"libgcrypt20","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/libgcrypt20?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.0-7ubuntu0.1"}]}],"versions":["1.11.0-6ubuntu1","1.11.0-7","1.11.0-7build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.11.0-7ubuntu0.1","binary_name":"libgcrypt-bin"},{"binary_version":"1.11.0-7ubuntu0.1","binary_name":"libgcrypt20"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8319-1.json","cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41989"}]}}},{"package":{"name":"libgcrypt20","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/libgcrypt20?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.0-2ubuntu0.1"}]}],"versions":["1.11.0-7build1","1.11.2-2","1.11.2-3","1.12.0-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.12.0-2ubuntu0.1","binary_name":"libgcrypt-bin"},{"binary_version":"1.12.0-2ubuntu0.1","binary_name":"libgcrypt20"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8319-1.json","cves_map":{"ecosystem":"Ubuntu:26.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41989"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41990"}]}}}],"schema_version":"1.7.5"}