The Data, Context, or Key finalizers might run during or before GPGME operations. This will release the C structures that are still in use, leading to crashes and potentially code execution through a use-after-free.
github.com/proglottis/gpgme
{ "url": "https://pkg.go.dev/vuln/GO-2020-0002" }