Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-29363

Опубликовано: 16 дек. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.

РелизСтатусПримечание
bionic

released

0.23.9-2ubuntu0.1
devel

released

0.23.22-1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

released

0.23.9-2ubuntu0.1
esm-infra/focal

released

0.23.20-1ubuntu0.1
esm-infra/xenial

not-affected

code not present
focal

released

0.23.20-1ubuntu0.1
groovy

released

0.23.21-2ubuntu0.1
hirsute

released

0.23.22-1
precise/esm

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 68%
0.00575
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-29363

CVSS3: 7.5
redhat
около 5 лет назад

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.

nvd логотип

CVE-2020-29363

CVSS3: 7.5
nvd
почти 5 лет назад

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.

msrc логотип

CVE-2020-29363

CVSS3: 7.5
msrc
почти 5 лет назад

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.

debian логотип

CVE-2020-29363

CVSS3: 7.5
debian
почти 5 лет назад

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-base ...

fstec логотип

BDU:2021-01897

CVSS3: 7.5
fstec
около 5 лет назад

Уязвимость функции p11_rpc_buffer_get_byte_array_value библиотеки для работы с модулями PKCS P11-kit, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 68%
0.00575
Низкий

5 Medium

CVSS2

7.5 High

CVSS3