CVE-2020-29362

p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

Se detectó un problema en p11-kit versiones 0.21.1 hasta 0.23.21. Se ha detectado una lectura excesiva de búfer en la región heap de la memoria en el protocolo RPC usado por los comandos remotos del servidor p11-kit y la biblioteca cliente. Cuando la entidad remota suministra una matriz de bytes por medio de una llamada de función PKCS#11 serializada, la entidad receptora puede permitir la lectura de hasta 4 bytes de memoria más allá de la asignación de la pila

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-01 CVE Published
2020-11-27 CVE Reserved
2024-08-04 CVE Updated
2024-10-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (6)

URL	Tag	Source
https://github.com/p11-glue/p11-kit/releases	Release Notes
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.debian.org/security/2021/dsa-4822	2021-01-11
https://access.redhat.com/security/cve/CVE-2020-29362	2021-05-18
https://bugzilla.redhat.com/show_bug.cgi?id=1903590	2021-05-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
P11-kit Project Search vendor "P11-kit Project"		P11-kit Search vendor "P11-kit Project" for product "P11-kit"				>= 0.23.6 < 0.23.22 Search vendor "P11-kit Project" for product "P11-kit" and version " >= 0.23.6 < 0.23.22"		-		Affected