漏洞信息详情

proglottis Go wrapper 资源管理错误漏洞

  • CNNVD编号:CNNVD-202002-700
  • 危害等级: 高危
  • CVE编号: CVE-2020-8945
  • 漏洞类型: 资源管理错误
  • 发布时间: 2020-02-12
  • 威胁类型: 远程
  • 更新时间: 2020-07-29
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

proglottis Go wrapper 0.1.1之前版本(用于GPGME库)中存在资源管理错误漏洞。攻击者可利用该漏洞造成拒绝服务或执行任意代码。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1

参考网址

来源:MISC

链接:https://github.com/proglottis/gpgme/pull/23

来源:MISC

链接:https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1

来源:MISC

链接:https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1

来源:MISC

链接:https://bugzilla.redhat.com/show_bug.cgi?id=1795838

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0679

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0689

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0697

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156683/Red-Hat-Security-Advisory-2020-0679-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1695/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156715/Red-Hat-Security-Advisory-2020-0697-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1582/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2490/

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/GPGME-use-after-free-via-Proglottis-Go-Wrapper-GPG-Signature-Verification-31657

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0914/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157691/Red-Hat-Security-Advisory-2020-2027-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157213/Red-Hat-Security-Advisory-2020-1402-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2374/

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-8945

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157055/Red-Hat-Security-Advisory-2020-0934-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158630/Red-Hat-Security-Advisory-2020-3167-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158485/Red-Hat-Security-Advisory-2020-2927-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2567/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0870/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158405/Red-Hat-Security-Advisory-2020-2413-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1168/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157682/Red-Hat-Security-Advisory-2020-2117-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1333/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157544/Red-Hat-Security-Advisory-2020-1940-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1664/

受影响实体

    暂无


漏洞信息快速查询

相关漏洞

更多