CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1530

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile19.45th
PublishedMar 27, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

Affected Platforms (CPE)

πŸ“¦
Gnupg

Gnupg

= 1.4.8
πŸ“¦
Gnupg

Gnupg

= 2.0.8

References & Advisories

πŸ”— http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
πŸ”— http://secunia.com/advisories/29568
πŸ”— http://www.ocert.org/advisories/ocert-2008-1.html
πŸ”— http://www.securityfocus.com/bid/28487
πŸ”— http://www.vupen.com/english/advisories/2008/1056/references
πŸ”— https://bugs.g10code.com/gnupg/issue894
πŸ”— https://bugs.gentoo.org/show_bug.cgi?id=214990
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41547

Related Vulnerabilities

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2003-025510.0

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns ...

CVE-2018-123569.8

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routi...

CVE-2018-10008588.8

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker con...