CVE-2020-29361

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-29361
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29361.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-29361
Aliases
  • GHSA-q4r3-hm6m-mvc2
Related
Published
2020-12-16T14:15:12Z
Modified
2024-09-18T03:12:29.006889Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

References

Affected packages

Alpine:v3.10 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.16.1-r1

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0

Alpine:v3.11 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.18.1-r1

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0

Alpine:v3.12 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5

Alpine:v3.13 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.14 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.15 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.16 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.17 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.18 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.19 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Alpine:v3.20 / p11-kit

Package

Name
p11-kit
Purl
pkg:apk/alpine/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-r0

Affected versions

0.*

0.9-r0
0.12-r0
0.13-r0
0.18.0-r0
0.18.1-r0
0.18.1-r1
0.18.1-r2
0.18.2-r0
0.18.4-r0
0.20.2-r0
0.22.1-r0
0.23.1-r0
0.23.1-r1
0.23.2-r0
0.23.2-r1
0.23.2-r2
0.23.10-r0
0.23.14-r0
0.23.15-r0
0.23.16.1-r0
0.23.17-r0
0.23.18.1-r0
0.23.20-r0
0.23.20-r1
0.23.20-r2
0.23.20-r3
0.23.20-r4
0.23.20-r5
0.23.21-r0

Debian:11 / p11-kit

Package

Name
p11-kit
Purl
pkg:deb/debian/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / p11-kit

Package

Name
p11-kit
Purl
pkg:deb/debian/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / p11-kit

Package

Name
p11-kit
Purl
pkg:deb/debian/p11-kit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.22-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/p11-glue/p11-kit

Affected ranges

Type
GIT
Repo
https://github.com/p11-glue/p11-kit
Events
Introduced
6a8843b3c5f6d44eb280a54653388a3de316f638
Last affected
fd8b56f3ee971f94dc6fc95411fc01e1c12153ab

Affected versions

0.*

0.21.1
0.21.2
0.21.3
0.22.0
0.22.1
0.23.1
0.23.10
0.23.11
0.23.12
0.23.13
0.23.14
0.23.15
0.23.16
0.23.16.1
0.23.17
0.23.18
0.23.18.1
0.23.19
0.23.2
0.23.20
0.23.21
0.23.3
0.23.4
0.23.5
0.23.6
0.23.7