TencentOS Server 3: p11-kit (TSSA-2022:0088)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType

TencentOS Server 3 has vulnerabilities in p11-kit prior to tested version, fixed in updates.

Reporter	Title	Published	Views	Family All 182
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities	3 Dec 202118:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data	6 Dec 202316:17	–	ibm
Tenable Nessus	Amazon Linux 2 : p11-kit (ALAS-2021-1601)	12 Mar 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0088: p11-kit (ALINUX3-SA-2022:0088)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : p11-kit (ALSA-2021:1609)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : p11-kit (CESA-2021:1609)	19 May 202100:00	–	nessus
Tenable Nessus	Debian DLA-2513-1 : p11-kit security update	5 Jan 202100:00	–	nessus
Tenable Nessus	Debian DSA-4822-1 : p11-kit - security update	4 Jan 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : p11-kit (EulerOS-SA-2021-1015)	4 Jan 202100:00	–	nessus

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20220088.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2022:0088.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(239521);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id("CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363");

  script_name(english:"TencentOS Server 3: p11-kit (TSSA-2022:0088)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0088 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2020-29361:
    An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered
    in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are
    missing before calling realloc or calloc.

    CVE-2020-29362:
    An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been
    discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the
    remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may
    allow the reading of up to 4 bytes of memory past the heap allocation.

    CVE-2020-29363:
    An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been
    discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the
    remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate
    sufficient length for the buffer to store the deserialized value.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20220088.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-29362");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:p11-kit");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'p11-kit-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-debuginfo-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-debuginfo-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-debugsource-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-debugsource-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-devel-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-devel-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-server-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-server-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-server-debuginfo-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-server-debuginfo-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-trust-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-trust-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-trust-debuginfo-0.23.22-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'p11-kit-trust-debuginfo-0.23.22-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'p11-kit / p11-kit-debuginfo / p11-kit-debugsource / etc');
}

20 Nov 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 25

CVSS 3.17.5

EPSS0.00355