Vulnerability Details : CVE-2008-1530
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-1530
Probability of exploitation activity in the next 30 days: 4.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-1530
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
[email protected] |
CWE ids for CVE-2008-1530
-
Assigned by: [email protected] (Primary)
Vendor statements for CVE-2008-1530
-
Red Hat 2008-03-28Not vulnerable. This issue does not affect the versions of gnupg packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 or 5.
-
https://bugs.gentoo.org/show_bug.cgi?id=214990
-
https://bugs.g10code.com/gnupg/issue894
-
http://www.vupen.com/english/advisories/2008/1056/references
-
http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
-
http://www.securityfocus.com/bid/28487
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41547
-
http://www.ocert.org/advisories/ocert-2008-1.html
- cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*