FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnupg -- memory corruption vulnerability

Affected packages
1.0.0 <= gnupg < 1.4.9
2.0.0 <= gnupg < 2.0.9


VuXML ID 30394651-13e1-11dd-bab7-0016179b2dd5
Discovery 2008-03-19
Entry 2008-04-26
Modified 2008-04-29

Secunia reports:

A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system.

The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via --refresh-keys or --import.

Successful exploitation potentially allows execution of arbitrary code, but has not been proven yet.


Bugtraq ID 28487
CVE Name CVE-2008-1530