A “severe” vulnerability in GnuPG’s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of Libgcrypt, was discovered on January 28 by Google’s Project Zero. It was fixed almost immediately, within a day of disclosure, and users were urged to stop using the vulnerable version. The latest version of the open-source cryptographic toolkit can be downloaded here.
Source: https://thehackernews.com/2021/01/google-discloses-severe-bug-in.html

