Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1530 to the following vulnerability: GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs." References: http://www.ocert.org/advisories/ocert-2008-1.html https://bugs.g10code.com/gnupg/issue894 https://bugs.gentoo.org/show_bug.cgi?id=214990
This only affects gunpg2 in Fedora 7 and 8 and is not really exploitable.
This issue does not affect versions of gnupg packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5.