blob: 1a0e9bac69c2358b812983bec0319d6884856ada [file] [log] [blame]
module: github.com/proglottis/gpgme
versions:
- fixed: v0.1.1
description: |
The [`Data`][], [`Context`][], or [`Key`][] finalizers might run during or
before GPGME operations, releasing the C structures as they are still in use,
leading to crashes and potentially code execution through a use-after-free.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-8945
credit: Ulrich Obergfell <uobergfe@redhat.com>
links:
pr: https://github.com/proglottis/gpgme/pull/23
commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733