gpg.fail

"in the hurry of leaving i forgot the sites src at home, sorry, had to rewrite the whole thing. expect a nicer site by tomorrow. im patching as we speak."
- reaper (<- to blame)

Multiple Plaintext Attack on Detached PGP Signatures in GnuPG
GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field
Cleartext Signature Plaintext Truncated for Hash Calculation
Encrypted message malleability checks are incorrectly enforced causing plaintext recovery attacks
Memory Corruption in ASCII-Armor Parsing
Trusted comment injection (minisign)
Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG
OpenPGP Cleartext Signature Framework Susceptible to Format Confusion
GnuPG Output Fails To Distinguish Signature Verification Success From Message Content
Cleartext Signature Forgery in GnuPG
Radix64 Line-Truncation Enabling Polyglot Attacks
GnuPG may downgrade digest algorithm to SHA1 during key signature checking
GnuPG Trust Packet Parsing Enables Adding Arbitrary Subkeys
Trusted comment Injection (minisign)

Video https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i/oembed

Vulnerabilities included in this bundle

GCVE-1-2026-0001:

Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings

Author	Vulnerability	Source	Type	Date