{"id":"GO-2020-0002","details":"The Data, Context, or Key finalizers might run during or before GPGME\noperations. This will release the C structures that are still in use, leading\nto crashes and potentially code execution through a use-after-free.\n","modified":"2022-08-29T16:50:59Z","published":"2021-04-14T20:04:52Z","withdrawn":"2024-05-15T05:37:10.997384Z","references":[{"type":"FIX","url":"https://github.com/proglottis/gpgme/pull/23"},{"type":"FIX","url":"https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733"}],"affected":[{"package":{"name":"github.com/proglottis/gpgme","ecosystem":"Go","purl":"pkg:golang/github.com/proglottis/gpgme"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.1.1"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/proglottis/gpgme"}]},"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2020-0002","source":"https://vuln.go.dev/ID/GO-2020-0002.json"}}],"schema_version":"1.7.3"}