CVE-2020-8945

Published: 12/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 455
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

The proglottis Go wrapper prior to 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Vulnerable Product

gpgme project gpgme

redhat openshift_container_platform 3.11

redhat openshift_container_platform 4.1

redhat openshift_container_platform 4.2

redhat openshift_container_platform 4.3

redhat openshift_container_platform 4.4

redhat openshift_container_platform 4.5

redhat openshift_container_platform_for_ibm_z 4.1

redhat openshift_container_platform_for_ibm_z 4.2

redhat openshift_container_platform_for_linuxone 4.1

redhat openshift_container_platform_for_linuxone 4.2

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux for power little endian 7.0

redhat enterprise linux for ibm z systems 7.0

redhat openshift container platform 3.11

Vendor Advisories

Debian Bug report logs - #951372: golang-github-proglottis-gpgme: CVE-2020-8945. Package: src:golang-github-proglottis-gpgme; Maintainer for src:golang-github-proglottis-gpgme is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 15 Feb 2020 14:18: ...
Synopsis: Moderate: buildah security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for buildah is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (C ...
Synopsis: Moderate: skopeo security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: podman security update. Type/Severity: Security Advisory: Important. Topic: An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Moderate: OpenShift Container Platform 4.2.z ose-openshift-controller-manager-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ose-openshift-controller-manager-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has ...
Synopsis: Moderate: OpenShift Container Platform 4.2.33 openshift-clients security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Moderate: OpenShift Container Platform 4.3.8 openshift-clients security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Moderate: OpenShift Container Platform 4.3.8 proglottis/gpgme security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-builder-container, openshift-enterprise-cli-container, and ose-cli-artifacts-container is now available for Red Hat OpenShift Container Pl ...
Synopsis: Moderate: OpenShift Container Platform 4.2.22 skopeo security update. Type/Severity: Security Advisory: Moderate. Topic: An update for skopeo is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vu ...
Synopsis: Moderate: OpenShift Container Platform 4.3.9 ose-openshift-controller-manager-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ose-openshift-controller-manager-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has ...
Synopsis: Moderate: OpenShift Container Platform 4.3.5 skopeo security update. Type/Severity: Security Advisory: Moderate. Topic: An update for skopeo is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vul ...
Synopsis: Moderate: OpenShift Container Platform 4.1.38 skopeo security update. Type/Severity: Security Advisory: Moderate. Topic: An update for skopeo is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vu ...
Synopsis: Moderate: OpenShift Container Platform 4.4.3 ose-cluster-policy-controller-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ose-cluster-policy-controller-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated ...
Synopsis: Moderate: OpenShift Container Platform 4.2.28 openshift-enterprise-builder-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated ...
Synopsis: Moderate: OpenShift Container Platform 3.11 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for atomic-openshift, atomic-openshift-web-console, and cri-o is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having ...
Synopsis: Moderate: docker security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVS ...
Synopsis: Moderate: OpenShift Container Platform 4.4.13 machine-config-daemon and openshift security update. Type/Severity: Security Advisory: Moderate. Topic: An update for machine-config-daemon and openshift is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this u ...