GnuPG (gpg) 1.4.8 and 2.0.8 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnupg gnupg 1.4.8 |
||
gnupg gnupg 2.0.8 |