PT-2026-53679 · Red Hat · Red Hat Enterprise Linux 10+6
Bzimport
·
Published
2026-06-29
·
Updated
2026-06-29
·
CVE-2026-13757
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
A flaw was found in p11-kit. The RPC message attribute parsing functions p11 rpc message get attribute() and p11 rpc message get attribute array value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA WRAP TEMPLATE, CKA UNWRAP TEMPLATE, and CKA DERIVE TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.
Fix
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Hardened Images
Red Hat Openshift Container Platform 4