CVE-2008-1530
EPSS 3.7%
Description
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
How to fix CVE-2008-1530
To remediate CVE-2008-1530, upgrade the affected package to a fixed version below.
- Debian/gnupg2—upgrade to 2.0.9-1 or later
Is CVE-2008-1530 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.0.9-1