ID CVE-2020-8945
Summary The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
References
Vulnerable Configurations
  • cpe:2.3:a:gpgme_project:gpgme:0.1.0:*:*:*:*:go:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2022 - 17:59)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2020:0679
  • rhsa
    id RHSA-2020:0689
  • rhsa
    id RHSA-2020:0697
rpms
  • atomic-enterprise-service-catalog-1:4.3.10-202003300415.git.0.68d5fb7.el7
  • atomic-enterprise-service-catalog-svcat-1:4.3.10-202003300415.git.0.68d5fb7.el7
  • atomic-openshift-service-idler-0:4.3.10-202003300415.git.13.ac05c4a.el7
  • conmon-2:2.0.8-3.rhaos4.3.el7
  • conmon-2:2.0.9-3.rhaos4.3.el8
  • cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7
  • cri-o-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8
  • cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el7
  • cri-o-debuginfo-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8
  • cri-o-debugsource-0:1.16.4-1.dev.rhaos4.3.git9238eee.el8
  • machine-config-daemon-0:4.3.10-202003300415.git.0.56d6ae0.el8
  • openshift-ansible-0:4.3.10-202003300415.git.0.6fe3ef9.el7
  • openshift-ansible-test-0:4.3.10-202003300415.git.0.6fe3ef9.el7
  • openshift-clients-0:4.3.10-202003300001.git.0.e43c148.el8
  • openshift-clients-0:4.3.10-202003300415.git.0.3576c99.el7
  • openshift-clients-redistributable-0:4.3.10-202003300001.git.0.e43c148.el8
  • openshift-clients-redistributable-0:4.3.10-202003300415.git.0.3576c99.el7
  • openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el7
  • openshift-hyperkube-0:4.3.10-202003300855.git.0.da48c1d.el8
  • openshift-kuryr-cni-0:4.3.10-202003300855.git.0.07e6ba6.el8
  • openshift-kuryr-common-0:4.3.10-202003300855.git.0.07e6ba6.el8
  • openshift-kuryr-controller-0:4.3.10-202003300855.git.0.07e6ba6.el8
  • python3-kuryr-kubernetes-0:4.3.10-202003300855.git.0.07e6ba6.el8
  • containers-common-1:0.1.40-4.rhaos.el8
  • skopeo-1:0.1.40-4.rhaos.el8
  • skopeo-debuginfo-1:0.1.40-4.rhaos.el8
  • skopeo-debugsource-1:0.1.40-4.rhaos.el8
  • skopeo-tests-1:0.1.40-4.rhaos.el8
  • containers-common-1:0.1.32-7.git1715c90.rhaos4.2.el8
  • skopeo-1:0.1.32-7.git1715c90.rhaos4.2.el8
  • skopeo-debuginfo-1:0.1.32-7.git1715c90.rhaos4.2.el8
  • skopeo-debugsource-1:0.1.32-7.git1715c90.rhaos4.2.el8
  • containers-common-1:0.1.32-6.git1715c90.el8_0
  • skopeo-1:0.1.32-6.git1715c90.el8_0
  • skopeo-debuginfo-1:0.1.32-6.git1715c90.el8_0
  • skopeo-debugsource-1:0.1.32-6.git1715c90.el8_0
  • openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el7
  • openshift-clients-0:4.3.7-202003130552.git.0.6027a27.el8
  • openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el7
  • openshift-clients-redistributable-0:4.3.7-202003130552.git.0.6027a27.el8
  • containers-common-1:0.1.40-7.el7_8
  • skopeo-1:0.1.40-7.el7_8
  • skopeo-debuginfo-1:0.1.40-7.el7_8
  • buildah-0:1.11.6-8.el7_8
  • buildah-debuginfo-0:1.11.6-8.el7_8
  • docker-2:1.13.1-161.git64e9980.el7_8
  • docker-client-2:1.13.1-161.git64e9980.el7_8
  • docker-common-2:1.13.1-161.git64e9980.el7_8
  • docker-debuginfo-2:1.13.1-161.git64e9980.el7_8
  • docker-logrotate-2:1.13.1-161.git64e9980.el7_8
  • docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8
  • podman-0:1.6.4-10.rhaos4.3.el8
  • podman-debuginfo-0:1.6.4-10.rhaos4.3.el8
  • podman-debugsource-0:1.6.4-10.rhaos4.3.el8
  • podman-docker-0:1.6.4-10.rhaos4.3.el8
  • podman-manpages-0:1.6.4-10.rhaos4.3.el8
  • podman-remote-0:1.6.4-10.rhaos4.3.el8
  • podman-remote-debuginfo-0:1.6.4-10.rhaos4.3.el8
  • podman-tests-0:1.6.4-10.rhaos4.3.el8
  • cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7
  • cri-o-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
  • cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7
  • cri-o-debuginfo-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
  • cri-o-debugsource-0:1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8
  • openshift-clients-0:4.2.32-202005020632.git.1.1b0fab9.el8
  • openshift-clients-redistributable-0:4.2.32-202005020632.git.1.1b0fab9.el8
  • podman-0:1.6.4-18.el7_8
  • podman-debuginfo-0:1.6.4-18.el7_8
  • podman-docker-0:1.6.4-18.el7_8
  • machine-config-daemon-0:4.5.0-202007012112.p0.git.2527.d12c3da.el8
  • openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el7
  • openshift-hyperkube-0:4.5.0-202007012112.p0.git.0.582d7fc.el8
  • machine-config-daemon-0:4.4.0-202007092124.p0.git.2349.08d34d1.el8
  • openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el7
  • openshift-hyperkube-0:4.4.0-202007090832.p0.git.0.bc32fb1.el8
  • atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7
  • atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7
  • cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7
  • cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7
refmap via4
fedora
  • FEDORA-2020-2a0aac3502
  • FEDORA-2020-aeea04cd13
  • FEDORA-2020-ccc3e64ea5
  • FEDORA-2020-f317e13ecf
misc
Last major update 18-10-2022 - 17:59
Published 12-02-2020 - 18:15
Last modified 18-10-2022 - 17:59