Advisory

GnuPG Releases Version 2.5.17 to Patch Critical RCE and Buffer Overflow Flaws

Take action: Update GnuPG to version 2.5.17 (or Gpg4win to 5.0.1) immediately. Three flaws are fixed, including a stack-based buffer overflow in gpg-agent that can be triggered remotely through an S/MIME message. If you cannot patch, remove the gpgsm binary to block the primary remote attack vector until you can.


Learn More

The GnuPG Project released version 2.5.17 to address three security vulnerabilities, including a critical stack-based buffer overflow in gpg-agent that allows remote code execution (RCE).

Vulnerabilities summary:

  • T8044 (CVSS score 9.8) - A stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. The agent_kem_decrypt function trusts the attacker-supplied wrapped-key length to size an AES Key Wrap operation into a fixed 256-byte stack buffer. An attacker can send a crafted CMS EnvelopedData message with an oversized wrapped session key; libgcrypt copies bytes past the end of the buffer before the Key Wrap integrity check runs, so the check never gets a chance to reject the input, and the overflow allows arbitrary code execution in the agent.
  • T8045 (CVSS score 7.8) - A stack-based buffer overflow in the tpm2daemon component when processing PKDECRYPT commands for TPM-backed keys. A local attacker with access to the Assuan socket can send oversized ciphertext that the daemon copies into fixed-size TPM work buffers without checking the length. This memory corruption lets the attacker crash the daemon or run code with the daemon's privileges.
  • T8049 (CVSS score 5.3) - A NULL pointer dereference triggered by overlong signature packets. When parsing a signature with an invalid length, the parse_signature function returns success but leaves the data pointer NULL. Code that later reads this data dereferences NULL and crashes the process, resulting in a denial-of-service condition.
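
As an added illustration of the bug class behind T8044 and T8045 (this is not GnuPG's code; the function names, the 256-byte work buffer size and the stand-in unwrap step are assumptions for the example), the following C shows an attacker-supplied length sizing a copy into a fixed stack buffer, beside a version that validates the length against both the format and the buffer before anything is copied:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed size of the agent's stack work buffer (illustrative). */
#define KEM_WORK_BUF 256

/* Stand-in for the AES Key Wrap unwrap step. A real RFC 3394 unwrap
 * writes its 8-byte-block chain into the output and only compares the
 * integrity value at the end, so an oversized input is copied before
 * anything detects it. This stand-in just copies so the example runs
 * without libgcrypt; it performs no cryptography. */
static void unwrap_step(unsigned char *out, const unsigned char *in, size_t len)
{
    memcpy(out, in, len);
}

/* Vulnerable pattern: wrapped_len is taken from the CMS EnvelopedData
 * as-is and used to size the unwrap into the fixed buffer. Calling this
 * with wrapped_len > KEM_WORK_BUF writes past the end of the stack array. */
int kem_decrypt_vulnerable(const unsigned char *wrapped, size_t wrapped_len)
{
    unsigned char work[KEM_WORK_BUF];
    unwrap_step(work, wrapped, wrapped_len);   /* no bound check */
    return 0;
}

/* Hardened pattern: reject anything the format or the buffer cannot hold
 * before the copy. An RFC 3394 wrapped key is 8*(n+1) bytes with n >= 2,
 * so it is a multiple of 8 and at least 24 bytes long.
 * Returns 0 on success, a negative code on error. */
int kem_decrypt_hardened(const unsigned char *wrapped, size_t wrapped_len,
                         unsigned char *key_out, size_t key_cap, size_t *key_len)
{
    unsigned char work[KEM_WORK_BUF];

    if (wrapped_len < 24 || wrapped_len % 8 != 0)
        return -1;                  /* not a well-formed wrapped key */
    if (wrapped_len > sizeof work)
        return -2;                  /* would overflow the work buffer */
    if (wrapped_len - 8 > key_cap)
        return -3;                  /* caller's key buffer too small */

    unwrap_step(work, wrapped, wrapped_len);
    /* the unwrapped key is one 8-byte block shorter than the input */
    *key_len = wrapped_len - 8;
    memcpy(key_out, work + 8, *key_len);
    return 0;
}

/* Demo helper: feed a constructed wrapped key (filler bytes, not a real
 * message) of the given length through the hardened path and return its
 * result code. */
int try_hardened(size_t wrapped_len, size_t key_cap)
{
    unsigned char in[512];
    unsigned char out[512];
    size_t out_len = 0;

    if (wrapped_len > sizeof in || key_cap > sizeof out)
        return -99;                 /* outside what the demo buffers hold */
    memset(in, 0x41, sizeof in);
    return kem_decrypt_hardened(in, wrapped_len, out, key_cap, &out_len);
}

int main(void)
{
    printf("40-byte wrapped key, 64-byte output: %d\n", try_hardened(40, 64));
    printf("512-byte wrapped key (oversized):    %d\n", try_hardened(512, 512));
    printf("23-byte wrapped key (malformed):     %d\n", try_hardened(23, 64));
    printf("48-byte key into 16-byte output:     %d\n", try_hardened(48, 16));
    /* kem_decrypt_vulnerable(in, 512) would overwrite the stack; not called. */
    return 0;
}
```

The order of the checks matters: the format check runs first because `wrapped_len - 8` underflows for lengths below 8, and every check precedes the copy, which is exactly what the original code path lacked.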

The gpg-agent is a high-value target because it manages private keys; a compromise of the agent process exposes the keys it holds. The TPM-related flaw requires local access, but the CMS-related overflow can be triggered remotely by sending a malicious S/MIME email to a victim whose mail client hands it to gpgsm for decryption, making it the primary concern for enterprise security teams.

The vulnerabilities affect GnuPG versions 2.5.13 through 2.5.16. 

Users of the Windows-based Gpg4win suite are also at risk if running version 5.0.0 or the beta releases from late 2025 that bundle an affected GnuPG. The RCE flaw in gpg-agent is reachable via the S/MIME implementation in gpgsm when it processes ECC KEM-based encrypted messages, which are increasingly common in modern secure messaging environments.

Organizations should update to GnuPG 2.5.17 or Gpg4win 5.0.1. If an immediate update is not possible, administrators should remove the gpgsm or gpgsm.exe binary to prevent remote exploitation of the CMS-related buffer overflow, and restore it once the patched version is installed.
