Libgcrypt before version 1.12.2 contains a heap-based buffer overflow vulnerability (CWE-787) triggered by specially crafted ECDH ciphertext passed to the gcry_pk_decrypt function. This flaw can cause a denial of service or compromise the integrity of the cryptographic operations. The vulnerability affects versions 1.8.8, 1.11.0, and 1.12.0. The CVSS 3.1 base score is 6.7, with attack vector local, high attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, and high availability impact. No patch or official fix has been documented in the provided data.

Successful exploitation can lead to a heap-based buffer overflow, resulting in denial of service or integrity compromise within applications using vulnerable Libgcrypt versions. There is no confidentiality impact reported. The attack requires local access and has high complexity, reducing the likelihood of widespread exploitation. No known exploits are currently reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid processing untrusted ECDH ciphertext with vulnerable Libgcrypt versions. Monitor vendor channels for updates and apply patches promptly once available.