GO-2020-0031

Source

https://pkg.go.dev/vuln/GO-2020-0031

Import Source

https://vuln.go.dev/ID/GO-2020-0031.json

Aliases

CVE-2020-8945
GHSA-m6wg-2mwg-4rfq
GO-2020-0002
GO-2021-0096

Published

2021-04-14T20:04:52Z

Modified

2023-11-08T04:04:19.530670Z

Details

Due to improper setting of finalizers, memory passed to C may be freed before it is used, leading to crashes due to memory corruption or possible code execution.

References

https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
https://bugzilla.redhat.com/show_bug.cgi?id=1795838

Affected packages

Go / github.com/proglottis/gpgme

Package

Name: github.com/proglottis/gpgme

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.1.1

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/proglottis/gpgme"
        }
    ]
}

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2020-0031"
}