CVE-2020-8945
published 2020-02-12
high 7.5 CVSS 3.1
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-github-proglottis-gpgme | < golang-github-proglottis-gpgme 0.1.1-1 (bookworm) | golang-github-proglottis-gpgme 0.1.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| github.com | proglottis_gpgme | >= 0 < 0.1.1 | 0.1.1 |
| gpgme_project | gpgme | < 0.1.1 | 0.1.1 |
| podman_project | podman | — | — |
| redhat | enterprise_linux_for_ibm_z_systems | — | — |
| redhat | enterprise_linux_for_power_little_endian | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform_for_ibm_z | — | — |
| redhat | openshift_container_platform_for_ibm_z | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
osv 7.5 HIGH