CVE-2008-1530

EUVD-2008-1531
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
gnupggnupg
1.4.8
gnupggnupg
2.0.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnupg2
bookworm
2.2.40-1.1
fixed
bullseye
2.2.27-2+deb11u2
fixed
bullseye (security)
2.2.27-2+deb11u2
fixed
etch
not-affected
sarge
not-affected
sid
2.2.45-2
fixed
trixie
2.2.44-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnupg
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
not-affected
gnupg2
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
not-affected
Common Weakness Enumeration
References
http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
http://secunia.com/advisories/29568
http://www.ocert.org/advisories/ocert-2008-1.html
http://www.securityfocus.com/bid/28487
http://www.vupen.com/english/advisories/2008/1056/references
https://bugs.g10code.com/gnupg/issue894
https://bugs.gentoo.org/show_bug.cgi?id=214990
https://exchange.xforce.ibmcloud.com/vulnerabilities/41547
http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
http://secunia.com/advisories/29568
http://www.ocert.org/advisories/ocert-2008-1.html
http://www.securityfocus.com/bid/28487
http://www.vupen.com/english/advisories/2008/1056/references
https://bugs.g10code.com/gnupg/issue894
https://bugs.gentoo.org/show_bug.cgi?id=214990
https://exchange.xforce.ibmcloud.com/vulnerabilities/41547