Unrated severityNVD Advisory· Published Mar 27, 2008· Updated Apr 23, 2026

CVE-2008-1530

Description

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

Affected products

Gnupg/Gnupg2 versions
cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/29568nvdVendor Advisory
lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.htmlnvd
www.ocert.org/advisories/ocert-2008-1.htmlnvd
www.securityfocus.com/bid/28487nvd
www.vupen.com/english/advisories/2008/1056/referencesnvd
bugs.g10code.com/gnupg/issue894nvd
bugs.gentoo.org/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/41547nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000