Vulnerability Details : CVE-2020-29361
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.
Vulnerability category: Overflow
Products affected by CVE-2020-29361
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:p11-kit_project:p11-kit:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-29361
- 0.85%: Probability of exploitation activity in the next 30 days
- ~ 82%: Percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2020-29361
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-29361
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-29361
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
  Issue Tracking; Mailing List; Third Party Advisory
- https://www.debian.org/security/2021/dsa-4822
  Debian -- Security Information -- DSA-4822-1 p11-kit (Third Party Advisory)
- https://github.com/p11-glue/p11-kit/releases
  Releases · p11-glue/p11-kit · GitHub (Release Notes; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html
  [SECURITY] [DLA 2513-1] p11-kit security update (Mailing List; Third Party Advisory)
- https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
  Integer overflow when allocating memory for arrays of attributes and object identifiers · Advisory · p11-glue/p11-kit · GitHub (Third Party Advisory)
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
  [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail (Issue Tracking; Mailing List; Third Party Advisory)