Your submission was sent successfully! Close

CVE-2020-29361

Published: 16 December 2020

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
p11-kit
Launchpad, Ubuntu, Debian
bionic
Released (0.23.9-2ubuntu0.1)
focal
Released (0.23.20-1ubuntu0.1)
groovy
Released (0.23.21-2ubuntu0.1)
hirsute
Released (0.23.22-1)
precise Ignored
(end of ESM support, was needs-triage)
trusty
Released (0.20.2-2ubuntu2+esm1)
upstream
Released (0.23.22-1)
xenial
Released (0.23.2-5~ubuntu16.04.2)