PT-2020-6137 · P11-Kit

David Cook · Published 2020-12-16 · Updated 2023-01-04 · CVE-2020-29361

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

p11-kit versions 0.21.1 through 0.23.21

Description

Multiple integer overflows have been found in array allocations in the p11-kit library and the p11-kit list command. The overflows occur because overflow checks are missing before the calls to realloc or calloc. A remote attacker can potentially use them to cause a denial of service.

Recommendations

For p11-kit versions 0.21.1 through 0.23.21, consider updating to a version that includes fixes for the integer overflows in the array allocations. As a temporary workaround, restrict the use of the p11-kit library and the p11-kit list command to minimize the risk of exploitation. Avoid using the realloc or calloc functions in the affected array allocations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
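The kind of check the description says is missing, shown as a size computation that wraps next to a growth routine that rejects the request before calling realloc. This is an added example, not p11-kit code; `ptr_array`, `unchecked_bytes`, `array_reserve` and `array_push` are hypothetical names, and the oversized count in `main` is a constructed input.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable pointer array (assumption, not p11-kit's own type). */
struct ptr_array { void **elem; size_t num, allocated; };

/* Flawed pattern: the byte count wraps modulo SIZE_MAX + 1, so a huge element
 * count turns into a tiny realloc() size while the caller still believes it
 * owns 'need' slots. */
size_t unchecked_bytes(size_t need) { return need * sizeof(void *); }

/* Hardened growth: refuse any count whose byte size does not fit in size_t. */
int array_reserve(struct ptr_array *a, size_t need)
{
    void **mem;

    if (need <= a->allocated)
        return 0;
    if (need > SIZE_MAX / sizeof(void *)) {   /* multiplication would wrap */
        errno = ENOMEM;
        return -1;
    }
    mem = realloc(a->elem, need * sizeof(void *));
    if (mem == NULL)
        return -1;                            /* old buffer stays valid */
    a->elem = mem;
    a->allocated = need;
    return 0;
}

/* Append one element; the num + 1 addition is guarded as well. */
int array_push(struct ptr_array *a, void *value)
{
    if (a->num == SIZE_MAX || array_reserve(a, a->num + 1) != 0)
        return -1;
    a->elem[a->num++] = value;
    return 0;
}

int main(void)
{
    struct ptr_array a = {0};
    size_t huge = SIZE_MAX / sizeof(void *) + 2;  /* constructed input */

    printf("unchecked size: %zu bytes\n", unchecked_bytes(huge));
    printf("checked reserve: %d\n", array_reserve(&a, huge));
    free(a.elem);
    return 0;
}
```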

Weakness Enumeration

Integer Overflow

Related Identifiers

ALSA-2021:1609
ALT-PU-2022-1076
ALT-PU-2022-2435
ALT-PU-2023-1006
BDU:2021-03158
CESA-2021_1609
CVE-2020-29361
DLA-2513-1
DSA-4822-1
GHSA-Q4R3-HM6M-MVC2
MGASA-2021-0041
OESA-2021-1024
OPENSUSE-SU-2021:1611-1
OPENSUSE-SU-2021:4154-1
OPENSUSE-SU-2021_1611-1
OPENSUSE-SU-2021_4154-1
OPENSUSE-SU-2024:11136-1
RHSA-2021:1609
RHSA-2021_1609
RLSA-2021:1609
SUSE-SU-2021:4154-1
SUSE-SU-2021_4154-1
SUSE-SU-2022:0323-1
USN-4677-1
USN-4677-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
P11-Kit