Home

CVE-2020-8945

Description

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.973

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2020:1230) skopeo security and bug fix update containers-common-0.1.40-7.el7_8.x86_64.rpmLinux
(RHSA-2020:1230) skopeo security and bug fix update skopeo-0.1.40-7.el7_8.x86_64.rpmLinux
(RHSA-2020:1231) buildah security and bug fix update buildah-1.11.6-8.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-client-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-common-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-logrotate-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-lvm-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-novolume-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:1234) docker security and bug fix update docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8.x86_64.rpmLinux
(RHSA-2020:2117) podman security update podman-1.6.4-18.el7_8.x86_64.rpmLinux
(RHSA-2020:2117) podman security update podman-docker-1.6.4-18.el7_8.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234