CVE-2008-1530

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ocert.org/advisories/ocert-2008-1.html
https://bugs.g10code.com/gnupg/issue894
https://bugs.gentoo.org/show_bug.cgi?id=214990
http://www.securityfocus.com/bid/28487
http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
http://secunia.com/advisories/29568	Vendor Advisory
http://www.vupen.com/english/advisories/2008/1056/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41547

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnupg:gnupg:1.4.8:::::::*
	cpe:2.3:a:gnupg:gnupg:2.0.8:::::::*

Information

Published : 2008-03-27 16:44

Updated : 2017-08-07 18:30

NVD link : CVE-2008-1530

Mitre link : CVE-2008-1530

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

gnupg

gnupg

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ocert.org/advisories/ocert-2008-1.html", "name": "http://www.ocert.org/advisories/ocert-2008-1.html", "tags": [], "refsource": "MISC"}, {"url": "https://bugs.g10code.com/gnupg/issue894", "name": "https://bugs.g10code.com/gnupg/issue894", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=214990", "name": "https://bugs.gentoo.org/show_bug.cgi?id=214990", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/28487", "name": "28487", "tags": [], "refsource": "BID"}, {"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html", "name": "[Announce] 20080326 GnuPG 1.4.9 released", "tags": [], "refsource": "MLIST"}, {"url": "http://secunia.com/advisories/29568", "name": "29568", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2008/1056/references", "name": "ADV-2008-1056", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41547", "name": "gnupg-keys-code-execution(41547)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers \"memory corruption around deduplication of user IDs.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1530", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-03-27T23:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:30Z"}

9.3 /10