Unrated severity · NVD Advisory · Published Dec 16, 2020 · Updated Aug 4, 2024
CVE-2020-29363
Description
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.
Affected products (5)
- p11-kit/p11-kit (description)
- pkg:rpm/almalinux/p11-kit (osv-coords, no CPE), range: < 0.23.22-1.el8
- pkg:rpm/almalinux/p11-kit-devel (osv-coords, no CPE), range: < 0.23.22-1.el8
- pkg:rpm/almalinux/p11-kit-server (osv-coords, no CPE), range: < 0.23.22-1.el8
- pkg:rpm/almalinux/p11-kit-trust (osv-coords, no CPE), range: < 0.23.22-1.el8
Patches (0)
No patches discovered yet.
References (3)
- www.debian.org/security/2021/dsa-4822 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuapr2022.html (mitre, x_refsource_MISC)