Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2020-29362

Опубликовано: 24 дек. 2020
Источник: msrc
CVSS3: 5.3
EPSS Низкий

Описание

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

FAQ

Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

EPSS

Процентиль: 25%
0.00084
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-29362

CVSS3: 5.3
ubuntu
около 5 лет назад

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

redhat логотип

CVE-2020-29362

CVSS3: 5.3
redhat
около 5 лет назад

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

nvd логотип

CVE-2020-29362

CVSS3: 5.3
nvd
около 5 лет назад

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

debian логотип

CVE-2020-29362

CVSS3: 5.3
debian
около 5 лет назад

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-base ...

suse-cvrf логотип

SUSE-SU-2022:2871-1

suse-cvrf
больше 3 лет назад

Security update for p11-kit

EPSS

Процентиль: 25%
0.00084
Низкий

5.3 Medium

CVSS3