CVE-2020-8945 vulnerability in Gnupg and Other Products
Published on February 12, 2020

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-8945

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8945 are published in these products:

Gnupg Gpgme

Red Hat Openshift Container Platform

Fedora Project Fedora

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Power Little Endian

Red Hat Enterprise Linux Ibm Z Systems

Gpgmeproject Gpgme

Exploit Probability

EPSS

1.97%

Percentile

83.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-8945 vulnerability in Gnupg and Other ProductsPublished on February 12, 2020

Products Associated with CVE-2020-8945

Exploit Probability

CVE-2020-8945 vulnerability in Gnupg and Other Products
Published on February 12, 2020