GO-2020-0002

Source
https://storage.googleapis.com/go-vulndb/ID/GO-2020-0002.json
Aliases
  • CVE-2020-8945
Published
2021-04-14T20:04:52Z
Modified
2022-05-13T18:33:00Z
Details

The Data, Context, or Key finalizers might run during or before GPGME operations. This will release the C structures that are still in use, leading to crashes and potentially code execution through a use-after-free.

References

Affected packages

Go / github.com/proglottis/gpgme

github.com/proglottis/gpgme

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
0.1.1

Affected versions

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2020-0002"
}