CVE-2008-1530 Information

Description

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers which triggers \memory corruption around deduplication of user IDs.\

Reference

http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html http://secunia.com/advisories/29568 http://www.ocert.org/advisories/ocert-2008-1.html http://www.securityfocus.com/bid/28487 http://www.vupen.com/english/advisories/2008/1056/references https://bugs.g10code.com/gnupg/issue894 https://bugs.gentoo.org/show_bug.cgi?id=214990 https://exchange.xforce.ibmcloud.com/vulnerabilities/41547