Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1530

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1530
Last Modified 07 Mar 2011 10:07:13
Published 27 Mar 2008 07:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1530

Summary

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

Vulnerable Systems

Application

  • Gnupg 1.4.8

  • Gnupg 2.0.8


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=214990

CONFIRM - https://bugs.g10code.com/gnupg/issue894

XF - gnupg-keys-code-execution(41547)

VUPEN - ADV-2008-1056

BID - 28487

MISC - http://www.ocert.org/advisories/ocert-2008-1.html

SECUNIA - 29568

MLIST - [Announce] 20080326 GnuPG 1.4.9 released


Last Updated: 27 May 2016 10:47:34