7.5
CVE-2020-8945
- EPSS 3.03%
- Veröffentlicht 12.02.2020 18:15:10
- Zuletzt bearbeitet 21.11.2024 05:39:42
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gpgme Project ≫ Gpgme SwPlatformgo Version < 0.1.1
Redhat ≫ Openshift Container Platform Version3.11
Redhat ≫ Openshift Container Platform Version4.1
Redhat ≫ Openshift Container Platform Version4.2
Redhat ≫ Openshift Container Platform Version4.3
Redhat ≫ Openshift Container Platform Version4.4
Redhat ≫ Openshift Container Platform Version4.5
Redhat ≫ Openshift Container Platform For Ibm Z Version4.1
Redhat ≫ Openshift Container Platform For Ibm Z Version4.2
Redhat ≫ Openshift Container Platform For Linuxone Version4.1
Redhat ≫ Openshift Container Platform For Linuxone Version4.2
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0
Redhat ≫ Enterprise Linux For Power Little Endian Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Redhat ≫ Openshift Container Platform Version3.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.03% | 0.861 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.