CVE-2020-8945

Published: Feb 12, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/proglottis/gpgme/pull/23

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1795838

x_refsource_MISC

https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1

x_refsource_MISC

https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1

x_refsource_MISC

FEDORA-2020-f317e13ecf

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-2a0aac3502

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-ccc3e64ea5

vendor-advisory

x_refsource_FEDORA

RHSA-2020:0679

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0689

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0697

vendor-advisory

x_refsource_REDHAT

FEDORA-2020-aeea04cd13

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8945

Description

Affected Products

References