CVE-2020-29361

Name
CVE-2020-29361
Description
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Third Party Advisory | https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 |
| Release Notes | https://github.com/p11-glue/p11-kit/releases |
| DEBIAN | https://www.debian.org/security/2021/dsa-4822 |
| MLIST | https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html |
| MLIST | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E |
| MLIST | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:p11-kit_project:p11-kit:*:*:*:*:*:*:*:* | p11-kit | >= 0.21.1 | <= 0.23.21 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| p11-kit | 3.13-main | 0.23.22-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| p11-kit | 3.12-main | 0.23.22-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| p11-kit | 3.11-main | 0.23.18.1-r1 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| p11-kit | 3.10-main | 0.23.16.1-r1 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |
| p11-kit | 3.14-main | 0.23.22-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | fixed |