Lucene search

K

[email protected]NVD:CVE-2008-1530

HistoryMar 27, 2008 - 11:44 p.m.

CVE-2008-1530

2008-03-2723:44:00

CWE-399

[email protected]

web.nvd.nist.gov

3

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.041

Percentile

92.3%

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers “memory corruption around deduplication of user IDs.”

Affected configurations

Nvd

Node

gnupggnupgMatch1.4.8

OR

gnupggnupgMatch2.0.8

References

lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html

secunia.com/advisories/29568

www.ocert.org/advisories/ocert-2008-1.html

www.securityfocus.com/bid/28487

www.vupen.com/english/advisories/2008/1056/references

bugs.g10code.com/gnupg/issue894

bugs.gentoo.org/show_bug.cgi?id=214990

exchange.xforce.ibmcloud.com/vulnerabilities/41547

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.041

Percentile

92.3%

Related for NVD:CVE-2008-1530

debiancve1 ubuntucve1 prion1 cvelist1 redhatcve1 nessus1 openvas2 cve1 freebsd1