Denial Of Service (DoS)

2020-12-1304:16:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

p11-kit is vulnerable to denial of service (DoS). The vulnerability exists through multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

CPENameOperatorVersion
p11-kit:sideq0.23.21-2
p11-kit:3.12eq0.23.20-r5
p11-kit:3.10eq0.23.16.1-r0
p11-kit:3.11eq0.23.18.1-r0
p11-kit:bullseyeeq0.23.21-2
p11-kit:xenialeq0.23.2-3
p11-kit:xenialeq0.23.2-5~ubuntu16.04.1
p11-kit:groovyeq0.23.21-2build1
p11-kit:focaleq0.23.20-1build1
p11-kit:edgeeq0.23.20-r2

Name	Operator	Version
p11-kit:sid	eq	0.23.21-2
p11-kit:3.12	eq	0.23.20-r5
p11-kit:3.10	eq	0.23.16.1-r0
p11-kit:3.11	eq	0.23.18.1-r0
p11-kit:bullseye	eq	0.23.21-2
p11-kit:xenial	eq	0.23.2-3
p11-kit:xenial	eq	0.23.2-5~ubuntu16.04.1
p11-kit:groovy	eq	0.23.21-2build1
p11-kit:focal	eq	0.23.20-1build1
p11-kit:edge	eq	0.23.20-r2