Description
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- high
- Privileges
- none
- User Action
- required
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-416CWE-416
Metadata
- Primary Vendor
- REDHAT
- Published
- 9/1/2022
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
redhat : enterprise_linux_serverredhat : enterprise_linux_workstationpodman_project : podman
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.