CVE-2020-29361: Integer Overflow or Wraparound in P11-kit

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 52.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 16; latest update Dec 14

Description

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

debian: debian/p11-kit < p11-kit 0.23.22-1 (bookworm)
Debian: p11-kit_project/p11-kit < 0.23.22-1+3
NVD: p11-kit_project/p11-kit 0.21.1 to 0.23.21

Also affects: Debian Linux 10.0, 9.0

🔴 Vulnerability Details (1)

OSV: CVE-2020-29361: An issue was discovered in p11-kit 0 (2020-12-16)

📋 Vendor Advisories (6)

CISA ICS: Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 (2023-12-14)
Ubuntu: p11-kit vulnerability (2021-01-06)
Ubuntu: p11-kit vulnerabilities (2021-01-05)
Red Hat: p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers (2020-12-12)
Microsoft: An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command where overflow c (2020-12-08)
CVE-2020-29361 — Integer Overflow or Wraparound | cvebase