CVE-2008-1530

Severity CVSS v4.0:
Pending analysis
Type:
CWE-399 Resource Management Errors
Publication date:
27/03/2008
Last modified:
09/04/2025

Description

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*