An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "p11-kit-dbgsym": "0.23.9-2ubuntu0.1", "p11-kit-modules-dbgsym": "0.23.9-2ubuntu0.1", "libp11-kit-dev": "0.23.9-2ubuntu0.1", "p11-kit": "0.23.9-2ubuntu0.1", "libp11-kit0-dbgsym": "0.23.9-2ubuntu0.1", "p11-kit-modules": "0.23.9-2ubuntu0.1", "libp11-kit0": "0.23.9-2ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "p11-kit-dbgsym": "0.23.20-1ubuntu0.1", "p11-kit-modules-dbgsym": "0.23.20-1ubuntu0.1", "libp11-kit-dev": "0.23.20-1ubuntu0.1", "p11-kit": "0.23.20-1ubuntu0.1", "libp11-kit0-dbgsym": "0.23.20-1ubuntu0.1", "p11-kit-modules": "0.23.20-1ubuntu0.1", "libp11-kit0": "0.23.20-1ubuntu0.1" } ] }