In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.4 | High | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Product | Vendor | Version |
|---|---|---|
| GnuPG | GnuPG | All versions prior to 23.11.5 LTS |