GO-2020-0002

Source

https://storage.googleapis.com/go-vulndb/ID/GO-2020-0002.json

Aliases

CVE-2020-8945

Published

2021-04-14T20:04:52Z

Modified

2022-05-13T18:33:00Z

Details

The Data, Context, or Key finalizers might run during or before GPGME operations. This will release the C structures that are still in use, leading to crashes and potentially code execution through a use-after-free.

References

https://github.com/proglottis/gpgme/pull/23
https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733

Affected packages

Go / github.com/proglottis/gpgme

github.com/proglottis/gpgme

Affected ranges

Type: SEMVER
Events: Introduced

0

Fixed

0.1.1

Affected versions

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2020-0002"
}