CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29362 – p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c
https://notcve.org/view.php?id=CVE-2020-29362
01 Jan 2020 — An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. Se detectó un problema en p11-kit versiones 0.21.1 hasta 0.23.21. Se ha detectado una lectura excesiva de búfer en la región he... • https://github.com/p11-glue/p11-kit/releases • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29363 – p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c
https://notcve.org/view.php?id=CVE-2020-29363
01 Jan 2020 — An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. Se detectó un problema en p11-kit versiones 0.23.6 hasta 0.23.21. Se ha detectado un desbordamiento de búfer en la región heap de la memo... • https://github.com/p11-glue/p11-kit/releases • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29361 – p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers
https://notcve.org/view.php?id=CVE-2020-29361
01 Jan 2020 — An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. Se detectó un problema en p11-kit versiones 0.21.1 hasta 0.23.21. Se han detectado múltiples desbordamientos de enteros en las asignaciones de matrices en la biblioteca de p11-kit y el comando de lista p11-kit, donde faltan comprobaciones de desbordamien... • https://github.com/p11-glue/p11-kit/releases • CWE-190: Integer Overflow or Wraparound •