CVE-2020-29363

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-29363
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29363.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-29363
Aliases
  • GHSA-5j67-fw89-fp6x
Related
Published
2020-12-16T14:15:12Z
Modified
2024-10-12T06:33:51.449662Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.

References

Affected packages

Alpine:v3.10 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.16.1-r1

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0

Alpine:v3.11 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.18.1-r1

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0

Alpine:v3.12 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5

Alpine:v3.13 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.14 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.15 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.16 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.17 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.18 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.19 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.20 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Debian:11 / p11-kit

Package

Name
p11-kit
Purl
pkg:deb/debian/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / p11-kit

Package

Name
p11-kit
Purl
pkg:deb/debian/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / p11-kit

Package

Name
p11-kit
Purl
pkg:deb/debian/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/p11-glue/p11-kit

Affected ranges

Type
GIT
Repo
https://github.com/p11-glue/p11-kit
Events

Affected versions

0.*

0.23.10
0.23.11
0.23.12
0.23.13
0.23.14
0.23.15
0.23.16
0.23.16.1
0.23.17
0.23.18
0.23.18.1
0.23.19
0.23.20
0.23.21
0.23.6
0.23.7