PT-2008-3089 · Gnu · Gnupg

Robert Buchholz

Published

2008-03-27

Updated

2024-06-15

CVE-2008-1530

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GnuPG versions 1.4.8 and 2.0.8

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers. This is due to "memory corruption around deduplication of user IDs."

Recommendations For GnuPG version 1.4.8, update to a version that fixes the memory corruption issue. For GnuPG version 2.0.8, update to a version that fixes the memory corruption issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2008-1530

OPENSUSE-SU-2024:10815-1

Affected Products

Gnupg

PT-2008-3089 · Gnu · Gnupg

CVE-2008-1530

Weakness Enumeration

Related Identifiers

Affected Products

References · 21