Search CVE reports
1 result
CVE-2020-8945
Medium priorityThe proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
2 affected packages
golang-github-proglottis-gpgme, singularity-container
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-proglottis-gpgme | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation | Not in release |