Veracode Vulnerability Database: VERACODE:28581
Dec 13, 2020 - 4:16 a.m.

Denial Of Service (DoS)

2020-12-13 04:16:39
sca.analysiscenter.veracode.com

EPSS: 0.001 (Low); percentile: 44.5%

p11-kit is vulnerable to denial of service (DoS). A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library in versions 0.21.1 up to 0.23.21. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.
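
The kind of check that guards against this class of over-read, as an added example that is not p11-kit's code and does not come from the advisory: a reader for a length-prefixed byte array that validates both the prefix and the claimed length against the bytes actually received. The wire format (4-byte big-endian length followed by data), the function names and the sample messages are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed wire format (not p11-kit's): 4-byte big-endian length, then data. */
/* Read the length prefix; fail unless 4 bytes remain at *off. */
static int get_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *val) {
    if (*off > len || len - *off < 4)
        return 0;
    const uint8_t *p = buf + *off;
    *val = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    *off += 4;
    return 1;
}

/* Return a view of the array inside buf, or 0; *off is unchanged on failure. */
static int get_byte_array(const uint8_t *buf, size_t len, size_t *off,
                          const uint8_t **data, size_t *n) {
    size_t pos = *off;
    uint32_t claimed;
    if (!get_u32(buf, len, &pos, &claimed))
        return 0;
    /* Compare with the bytes remaining; pos + claimed could wrap around. */
    if (claimed > len - pos)
        return 0;
    *data = buf + pos;
    *n = claimed;
    *off = pos + claimed;
    return 1;
}

/* Constructed sample messages. */
static const uint8_t MSG_OK[] = {0, 0, 0, 3, 'a', 'b', 'c'};
static const uint8_t MSG_LONG[] = {0, 0, 0, 8, 'a', 'b', 'c'}; /* claims 8, has 3 */
static const uint8_t MSG_TRUNCATED[] = {0, 0}; /* prefix cut short */
/* Payload length of the array at offset 0, or -1 if the message is rejected. */
static long parse_len(const uint8_t *msg, size_t len) {
    size_t off = 0, n;
    const uint8_t *data;
    return get_byte_array(msg, len, &off, &data, &n) ? (long)n : -1;
}

int main(void) {
    printf("%ld %ld %ld\n", parse_len(MSG_OK, sizeof MSG_OK),
           parse_len(MSG_LONG, sizeof MSG_LONG),
           parse_len(MSG_TRUNCATED, sizeof MSG_TRUNCATED));
    return 0;
}
```

The well-formed message is accepted, while the message whose claimed length exceeds the received data and the message with a truncated prefix are both rejected before any byte outside the buffer is touched.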