reports/GO-2020-0002.yaml - vulndb - Git at Google

 module: github.com/proglottis/gpgme
 versions:
   - fixed: v0.1.1
 description: |
     The Data, Context, or Key finalizers might run during or before GPGME
     operations. This will release the C structures that are still in use, leading
     to crashes and potentially code execution through a use-after-free.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2020-8945
 credit: Ulrich Obergfell <uobergfe@redhat.com>
 links:
     pr: https://github.com/proglottis/gpgme/pull/23
     commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
	module: github.com/proglottis/gpgme
	versions:
	- fixed: v0.1.1
	description: \|
	The Data, Context, or Key finalizers might run during or before GPGME
	operations. This will release the C structures that are still in use, leading
	to crashes and potentially code execution through a use-after-free.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2020-8945
	credit: Ulrich Obergfell <uobergfe@redhat.com>
	links:
	pr: https://github.com/proglottis/gpgme/pull/23
	commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733