An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-16T13:29:34
Updated: 2024-08-04T16:48:01.645Z
Reserved: 2020-11-27T00:00:00
Link: CVE-2020-29363
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-12-16T14:15:12.840
Modified: 2022-05-12T14:47:48.787
Link: CVE-2020-29363
Redhat