proglottis Go wrapper 资源管理错误漏洞

CNNVD-ID编号	CNNVD-202002-700
CVE编号	CVE-2020-8945
发布时间	2020-02-12
更新时间	2020-07-29
漏洞类型	资源管理错误
漏洞来源	N/A
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

proglottis Go wrapper 0.1.1之前版本（用于GPGME库）中存在资源管理错误漏洞。攻击者可利用该漏洞造成拒绝服务或执行任意代码。

漏洞补丁

目前厂商已发布升级了proglottis Go wrapper 资源管理错误漏洞的补丁，proglottis Go wrapper 资源管理错误漏洞的补丁获取链接：

https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1

参考网址

来源:MISC

链接：https://github.com/proglottis/gpgme/pull/23
来源:MISC

链接：https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1
来源:MISC

链接：https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1
来源:MISC

链接：https://bugzilla.redhat.com/show_bug.cgi?id=1795838
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0679
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0689
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0697
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156683/Red-Hat-Security-Advisory-2020-0679-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1695/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156715/Red-Hat-Security-Advisory-2020-0697-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1582/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2490/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/GPGME-use-after-free-via-Proglottis-Go-Wrapper-GPG-Signature-Verification-31657
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0914/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157691/Red-Hat-Security-Advisory-2020-2027-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157213/Red-Hat-Security-Advisory-2020-1402-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2374/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2020-8945
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157055/Red-Hat-Security-Advisory-2020-0934-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158630/Red-Hat-Security-Advisory-2020-3167-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158485/Red-Hat-Security-Advisory-2020-2927-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2567/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0870/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158405/Red-Hat-Security-Advisory-2020-2413-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1168/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157682/Red-Hat-Security-Advisory-2020-2117-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1333/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157544/Red-Hat-Security-Advisory-2020-1940-01.html

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202002-700