ID CVE-2020-29363
Summary An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.
References
Vulnerable Configurations
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.6:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.7:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.8:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.9:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.10:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.11:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.12:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.13:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.14:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.15:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.16:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.17:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.18:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.19:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.20:*:*:*:*:*:*:*
  • cpe:2.3:a:p11-kit_project:p11-kit:0.23.21:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-05-2022 - 14:47)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
debian DSA-4822
misc
Last major update 12-05-2022 - 14:47
Published 16-12-2020 - 14:15
Last modified 12-05-2022 - 14:47