CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-1530

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile19.45th
Published2008年3月27日
Last Modified2026年4月23日

Vulnerability Description

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

Affected Platforms (CPE)

📦
Gnupg

Gnupg

= 1.4.8
📦
Gnupg

Gnupg

= 2.0.8

References & Advisories

🔗 http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
🔗 http://secunia.com/advisories/29568
🔗 http://www.ocert.org/advisories/ocert-2008-1.html
🔗 http://www.securityfocus.com/bid/28487
🔗 http://www.vupen.com/english/advisories/2008/1056/references
🔗 https://bugs.g10code.com/gnupg/issue894
🔗 https://bugs.gentoo.org/show_bug.cgi?id=214990
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41547

関連する脆弱性情報

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2003-025510.0

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns ...

CVE-2018-123569.8

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routi...

CVE-2018-10008588.8

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker con...