CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29361 – p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers
https://notcve.org/view.php?id=CVE-2020-29361
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. Se detectó un problema en p11-kit versiones 0.21.1 hasta 0.23.21. Se han detectado múltiples desbordamientos de enteros en las asignaciones de matrices en la biblioteca de p11-kit y el comando de lista p11-kit, donde faltan comprobaciones de desbordamiento antes de llamar a realloc o calloc • https://github.com/p11-glue/p11-kit/releases https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html https://www.debian.org/security/2021/dsa-4822 https://access.redhat.com/securi • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29362 – p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c
https://notcve.org/view.php?id=CVE-2020-29362
An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. Se detectó un problema en p11-kit versiones 0.21.1 hasta 0.23.21. Se ha detectado una lectura excesiva de búfer en la región heap de la memoria en el protocolo RPC usado por los comandos remotos del servidor p11-kit y la biblioteca cliente. • https://github.com/p11-glue/p11-kit/releases https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html https://www.debian.org/security/2021/dsa-4822 https://access.redhat.com/security/cve/CVE-2020-29362 https://bugzilla.redhat.com/show_bug.cgi?id=1903590 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29363 – p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c
https://notcve.org/view.php?id=CVE-2020-29363
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. Se detectó un problema en p11-kit versiones 0.23.6 hasta 0.23.21. Se ha detectado un desbordamiento de búfer en la región heap de la memoria en el protocolo RPC usado por los comandos remotos del servidor p11-kit y la biblioteca cliente. • https://github.com/p11-glue/p11-kit/releases https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x https://www.debian.org/security/2021/dsa-4822 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2020-29363 https://bugzilla.redhat.com/show_bug.cgi?id=1903588 • CWE-787: Out-of-bounds Write •