#VU114065 Resource management error in GnuPG - CVE-2008-1530
Published: August 14, 2025
Vulnerability identifier: #VU114065
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2008-1530
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
GnuPG
GnuPG
Software vendor:
GNU
GNU
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper management of internal resources within the application. A remote attacker can send a specially crafted duplicate keys that are imported from key servers to trigger memory corruption around deduplication of user IDs and execute arbitrary code on the system.
Remediation
Install updates from vendor's website.
External links
- http://lists.gnupg.org/pipermail/gnupg-announce/2008q1/000272.html
- http://secunia.com/advisories/29568
- http://www.ocert.org/advisories/ocert-2008-1.html
- http://www.securityfocus.com/bid/28487
- http://www.vupen.com/english/advisories/2008/1056/references
- https://bugs.g10code.com/gnupg/issue894
- https://bugs.gentoo.org/show_bug.cgi?id=214990
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41547