GO-2020-0002

Source

https://pkg.go.dev/vuln/GO-2020-0002

Import Source

https://vuln.go.dev/ID/GO-2020-0002.json

Aliases

CVE-2020-8945
GHSA-m6wg-2mwg-4rfq
GO-2020-0031
GO-2021-0096

Published

2021-04-14T20:04:52Z

Modified

2023-11-08T04:04:19.530670Z

Details

The Data, Context, or Key finalizers might run during or before GPGME operations. This will release the C structures that are still in use, leading to crashes and potentially code execution through a use-after-free.

References

https://github.com/proglottis/gpgme/pull/23
https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733

Affected packages

Go / github.com/proglottis/gpgme

Package

Name: github.com/proglottis/gpgme

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.1.1

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/proglottis/gpgme"
        }
    ]
}

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2020-0002"
}