GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation16 reference(s) from NVD