Description
[NULL dereference via C_DeriveKey with specific NULL parameters]
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| p11-kit | fixed | 0.26.2-1 | experimental | package |
| p11-kit | fixed | 0.26.2-2 | | package |
| p11-kit | not-affected | | trixie | package |
| p11-kit | not-affected | | bookworm | package |
| p11-kit | not-affected | | bullseye | package |
Notes
Introduced with: https://github.com/p11-glue/p11-kit/commit/aee856f75e06e451a34cb1fdd6630945c9d1623c (0.25.6)
Introduced with: https://github.com/p11-glue/p11-kit/commit/d7523b1031938fdd9740757f90e903aa09f5397d (0.25.6)
Fixed by: https://github.com/p11-glue/p11-kit/commit/39f3b5ed3deccc2772e21ffb7d269329e3ecb600 (0.26.2)
Related vulnerabilities
[NULL dereference via C_DeriveKey with specific NULL parameters]
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application-level denial of service or other unpredictable system states.