Red Hat Bugzilla – Bug 439305
CVE-2008-1530 gnupg NULL pointer dereference
Last modified: 2008-03-27 19:24:06 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1530 to the following vulnerability:
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via crafted
duplicate keys that are imported from key servers, which triggers
"memory corruption around deduplication of user IDs."
This only affects gunpg2 in Fedora 7 and 8 and is not really exploitable.
This issue does not affect versions of gnupg packages as shipped with Red Hat
Enterprise Linux versions 2.1, 3, 4 and 5.