Vulnerability Description
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnupg | Gnupg | 1.4.8 |
Related Weaknesses (CWE)
References
- http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
- http://secunia.com/advisories/29568Vendor Advisory
- http://www.ocert.org/advisories/ocert-2008-1.html
- http://www.securityfocus.com/bid/28487
- http://www.vupen.com/english/advisories/2008/1056/references
- https://bugs.g10code.com/gnupg/issue894
- https://bugs.gentoo.org/show_bug.cgi?id=214990
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41547
- http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
- http://secunia.com/advisories/29568Vendor Advisory
- http://www.ocert.org/advisories/ocert-2008-1.html
- http://www.securityfocus.com/bid/28487
- http://www.vupen.com/english/advisories/2008/1056/references
- https://bugs.g10code.com/gnupg/issue894
- https://bugs.gentoo.org/show_bug.cgi?id=214990
FAQ
What is CVE-2008-1530?
CVE-2008-1530 is a vulnerability with a CVSS score of 9.3 (HIGH). GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which trigge...
How severe is CVE-2008-1530?
CVE-2008-1530 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1530?
Check the references section above for vendor advisories and patch information. Affected products include: Gnupg Gnupg.