Unrated severity · NVD Advisory · Published Dec 16, 2020 · Updated Aug 4, 2024
CVE-2020-29361
Description
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.
Affected products
- p11-kit/p11-kit
- osv-coords (52 versions):
  - pkg:rpm/almalinux/p11-kit (no CPE), range: < 0.23.22-1.el8
  - pkg:rpm/almalinux/p11-kit-devel (no CPE), range: < 0.23.22-1.el8
  - pkg:rpm/almalinux/p11-kit-server (no CPE), range: < 0.23.22-1.el8
  - pkg:rpm/almalinux/p11-kit-trust (no CPE), range: < 0.23.22-1.el8
  - pkg:rpm/opensuse/p11-kit&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 0.23.2-lp152.7.3.1
  - pkg:rpm/opensuse/p11-kit&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.8.2-56.6.3
  - pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.8.2-56.6.3
  - pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 2.8.2-56.6.3
  - pkg:rpm/suse/ca-certificates&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1_201403302107-15.3.3
  - pkg:rpm/suse/ca-certificates&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1_201403302107-15.3.3
  - pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 3.4.17-8.4.1
  - pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 3.4.17-8.4.1
  - pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 3.1-21.3.2
  - pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 3.1-21.3.2
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Enterprise%20Storage%207 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 0.23.2-8.3.2
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 0.23.2-8.3.2
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 0.23.2-8.3.2
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Manager%20Proxy%204.1 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/p11-kit&distro=SUSE%20Manager%20Server%204.1 (no CPE), range: < 0.23.2-4.13.1
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 (no CPE), range: < 4.15.4+git.324.8332acf1a63-3.54.1
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.15.4+git.324.8332acf1a63-3.54.1
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.15.4+git.324.8332acf1a63-3.54.1
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 4.15.4+git.324.8332acf1a63-3.54.1
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1.16.1-7.28.9
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1.16.1-7.28.9
  - pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 1.16.1-7.28.9
  - pkg:rpm/suse/yast2-samba-client&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 3.1.23-3.3.1
  - pkg:rpm/suse/yast2-samba-client&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 3.1.23-3.3.1
Patches
No patches discovered yet.
References
- www.debian.org/security/2021/dsa-4822 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 (mitre, x_refsource_MISC)
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2021/01/msg00002.html (mitre, mailing-list, x_refsource_MLIST)