CVE-2020-29363 log

Severity Medium
Remote Yes
Type Arbitrary code execution
A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library in versions 0.23.6 up to 0.23.21. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.
Group Package Affected Fixed Severity Status Ticket
AVG-1355 p11-kit 0.23.21-1 0.23.22-1 Medium Fixed