Latest Vulnerabilities and Exploits



CVE ID:

CVE-2020-8945

Details:

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

References:

:https://bugzilla.redhat.com/show_bug.cgi?id=1795838
:https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1
:https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1
:https://github.com/proglottis/gpgme/pull/23

ZeroDayLab Assigned Tags:

CRASH