FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fdc49972-3ca7-11eb-929d-d4c9ef517024	p11-kit -- Multiple vulnerabilities The p11-glue project reports: CVE-2020-29363: Out-of-bounds write in p11_rpc_buffer_get_byte_array_value function A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. CVE-2020-29362: Out-of-bounds read in p11_rpc_buffer_get_byte_array function A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. CVE-2020-29361: Integer overflow when allocating memory for arrays of attributes and object identifiers Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. Discovery 2020-12-12 Entry 2020-12-12 p11-kit lt 0.23.22 https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html CVE-2020-29361 CVE-2020-29362 CVE-2020-29363

VuXML ID

Description

fdc49972-3ca7-11eb-929d-d4c9ef517024

p11-kit -- Multiple vulnerabilities

The p11-glue project reports:

CVE-2020-29363: Out-of-bounds write in p11_rpc_buffer_get_byte_array_value function

A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.

CVE-2020-29362: Out-of-bounds read in p11_rpc_buffer_get_byte_array function

A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

CVE-2020-29361: Integer overflow when allocating memory for arrays of attributes and object identifiers

Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

Discovery 2020-12-12
Entry 2020-12-12
p11-kit

lt 0.23.22

https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
CVE-2020-29361
CVE-2020-29362
CVE-2020-29363