Unknown · Pam Pkcs11 · CVE-2025-24031
**Name of the Vulnerable Software and Affected Versions**
PAM-PKCS#11 versions 0.6.12 and prior
**Description**
The issue affects a Linux-PAM login module that allows X.509 certificate-based user login. When a user presses ctrl-c/ctrl-d while being asked for a PIN, the pam_pkcs11 module segfaults. Additionally, if a user enters no PIN, `pam_get_pwd` will not initialize the password buffer pointer, causing `cleanse` to try to dereference an uninitialized pointer, potentially leading to a segfault. The most likely impact is an availability issue due to a daemon that uses PAM crashing.
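The bug class described above, reduced to a minimal C model, as an added example that is not pam_pkcs11's own code. The function names (`get_pin_buggy`, `get_pin_fixed`, `cleanse_pin`, `prompt_for_pin`) are hypothetical stand-ins for the module's prompt, password retrieval and cleanup routines: the buggy variant writes its out-parameter only on success, so a cancelled or empty prompt leaves the caller's pointer uninitialized and the cleanup routine dereferences garbage; the fixed variant always assigns the pointer and the hardened cleanup tolerates NULL.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the PIN prompt: returns NULL when the user
 * cancels (ctrl-c/ctrl-d) or submits an empty PIN, otherwise a heap copy. */
static char *prompt_for_pin(const char *simulated_input)
{
    if (simulated_input == NULL || simulated_input[0] == '\0')
        return NULL;
    size_t n = strlen(simulated_input);
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, simulated_input, n + 1);
    return copy;
}

/* Buggy pattern (hypothetical name): the out-parameter is written only on
 * success, so on cancel/empty input the caller's pointer keeps whatever
 * value was already there. A caller that declared it uninitialized then
 * hands stack garbage to the cleanup routine, which crashes on it. */
int get_pin_buggy(const char *simulated_input, char **pin_out)
{
    char *p = prompt_for_pin(simulated_input);
    if (p == NULL)
        return -1;              /* *pin_out is never assigned on this path */
    *pin_out = p;
    return 0;
}

/* Fixed pattern: always write the out-parameter (NULL on failure), so the
 * caller's pointer has a defined value on every path. */
int get_pin_fixed(const char *simulated_input, char **pin_out)
{
    *pin_out = NULL;
    char *p = prompt_for_pin(simulated_input);
    if (p == NULL)
        return -1;
    *pin_out = p;
    return 0;
}

/* Hardened cleanup (hypothetical name): accepts NULL instead of
 * dereferencing it, wipes the secret, frees it, and returns the number of
 * bytes wiped so the behaviour can be checked. A production wipe should
 * use a non-elidable primitive such as explicit_bzero where available. */
size_t cleanse_pin(char *pin)
{
    if (pin == NULL)
        return 0;
    size_t n = strlen(pin);
    memset(pin, 0, n);
    free(pin);
    return n;
}

/* One simulated login attempt on the fixed path. Returns bytes wiped;
 * 0 means the user cancelled or entered no PIN and nothing was touched. */
size_t login_attempt_fixed(const char *simulated_input)
{
    char *pin;                  /* uninitialized, as in the original caller */
    (void)get_pin_fixed(simulated_input, &pin); /* pin is NULL on failure */
    return cleanse_pin(pin);
}
```

Both halves of the fix matter: initializing the out-parameter on every path removes the uninitialized read, and a NULL-tolerant cleanup makes the cancel/empty-PIN path safe even if a future caller forgets to check the return value.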
**Recommendations**
For versions 0.6.12 and prior, as a temporary workaround, consider disabling the pam_pkcs11 module until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.