reports/GO-2020-0002.yaml - vulndb - Git at Google

 module: github.com/proglottis/gpgme
 versions:
   - fixed: v0.1.1
 description: |
   The [`Data`][], [`Context`][], or [`Key`][] finalizers might run during or
   before GPGME operations, releasing the C structures as they are still in use,
   leading to crashes and potentially code execution through a use-after-free.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2020-8945
 credit: Ulrich Obergfell <uobergfe@redhat.com>
 links:
   pr: https://github.com/proglottis/gpgme/pull/23
   commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
	module: github.com/proglottis/gpgme
	versions:
	- fixed: v0.1.1
	description: \|
	The [`Data`][], [`Context`][], or [`Key`][] finalizers might run during or
	before GPGME operations, releasing the C structures as they are still in use,
	leading to crashes and potentially code execution through a use-after-free.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2020-8945
	credit: Ulrich Obergfell <uobergfe@redhat.com>
	links:
	pr: https://github.com/proglottis/gpgme/pull/23
	commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733