2 matches found
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
PT-2020-20383 · Proglottis +3 · Proglottis Go Wrapper +3
Name of the Vulnerable Software and Affected Versions: proglottis Go wrapper versions prior to 0.1.1 Description: The issue is related to a use-after-free problem, which can cause a crash or potentially allow code execution during GPG signature verification. This is due to improper memory...