Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-1530

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

Related bugs and status

CVE-2008-1530 (Candidate) is related to these bugs:

Bug #214194: GnuPG allows remote attackers to cause a denial of service

Summary				In	Importance	Status
	214194	GnuPG allows remote attackers to cause a denial of service		gnupg (Ubuntu)	Undecided	Invalid
	214194	GnuPG allows remote attackers to cause a denial of service		gnupg (Gentoo Linux)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ocert.org/a...
CONFIRM: https://bugs.g10code.c...
CONFIRM: https://bugs.gentoo.or...
BID: 28487
MLIST: [Announce] 20080326 Gn...
SECUNIA: 29568
VUPEN: ADV-2008-1056
XF: gnupg-keys-code-execut...