CVE-2020-29362: Out-of-bounds Read in Project P11-kit

CWE-125: Out-of-bounds Read (7 documents, 7 sources)
Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 77.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 16; latest update Dec 14

Description

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

Source    Package                      Affected versions
debian    debian/p11-kit               < p11-kit 0.23.22-1 (bookworm)
NVD       p11-kit_project/p11-kit      0.23.6, 0.23.22
Debian    p11-kit_project/p11-kit      < 0.23.22-1+3

Vulnerability Details (1)

- OSV (2020-12-16): CVE-2020-29362: An issue was discovered in p11-kit 0

Vendor Advisories (5)

- CISA ICS (2023-12-14): Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Ubuntu (2021-01-05): p11-kit vulnerabilities
- Red Hat (2020-12-12): p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c
- Microsoft (2020-12-08): An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When
- Debian (2020): CVE-2020-29362: p11-kit - An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer o...
CVE-2020-29362 — Out-of-bounds Read in Project P11-kit | cvebase