Bugzilla – Bug 1180065
VUL-0: CVE-2020-29362: p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c
Last modified: 2022-09-06 14:19:08 UTC
CVE-2020-29362

The p11_rpc_buffer_get_byte_array function can read up to four bytes past the end of a heap allocation due to an incorrect bounds check, caused by a confusion between two similarly-named variables.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1903590
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29362
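The class of bug the description above names, as an added example that is not part of the bug report and is not p11-kit's code: a simplified reader for a length-prefixed byte array whose bounds check can test either the caller's offset (before the length prefix) or the local offset (after it). The 4-byte big-endian prefix, the struct and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct msg { const unsigned char *data; size_t len; };   /* hypothetical buffer type */

/* Read a 4-byte big-endian length prefix and advance *off past it. */
static bool get_u32(const struct msg *m, size_t *off, uint32_t *out)
{
    if (m->len < 4 || *off > m->len - 4)
        return false;
    const unsigned char *p = m->data + *off;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    *off += 4;
    return true;
}

/* check_fixed == false keeps the flawed check: it validates *offset (position
 * before the prefix) although the payload starts at off (position after it). */
static bool get_bytes(const struct msg *m, size_t *offset,
                      const unsigned char **data, size_t *length, bool check_fixed)
{
    size_t off = *offset;
    uint32_t len;
    if (!get_u32(m, &off, &len))
        return false;
    size_t start = check_fixed ? off : *offset;
    if (m->len < len || start > m->len - len)
        return false;
    *data = m->data + off;      /* pointer is only computed here, never dereferenced */
    *length = len;
    *offset = off + len;
    return true;
}

/* Bytes by which an accepted array extends past the buffer; -1 if rejected. */
int overrun(const unsigned char *buf, size_t buflen, bool check_fixed)
{
    struct msg m = { buf, buflen };
    size_t offset = 0, length;
    const unsigned char *data;
    if (!get_bytes(&m, &offset, &data, &length, check_fixed))
        return -1;
    return offset > buflen ? (int)(offset - buflen) : 0;
}

int main(void)
{
    /* Constructed input: prefix claims 8 payload bytes, only 4 are present. */
    const unsigned char bad[8] = { 0, 0, 0, 8, 'A', 'B', 'C', 'D' };
    printf("flawed: %d, fixed: %d\n", overrun(bad, 8, false), overrun(bad, 8, true));
    return 0;
}
```

Because the flawed check is off by exactly the size of the prefix, the accepted overrun in this model is bounded at four bytes; any larger claimed length fails the `m->len < len` test in both variants.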
CVE-2020-29362 appears to correspond to this upstream commit:
https://github.com/p11-glue/p11-kit/commit/69d751ca9df9ac101adfb1e5aa7e83e3358106ba

Tracking as follows:

SUSE:Carwos:1            Affected
SUSE:SLE-12:Update       Not affected [1]
SUSE:SLE-12-SP3:Update   Not affected [1]
SUSE:SLE-15:Update       Affected

[1] function not present
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
Fixed in Factory by upgrade to 0.23.22
Hi Ludwig, SUSE:SLE-15:Update/p11-kit has not been addressed yet, could you please submit the fix? Moreover, please do not close security issues from your side. Instead re-assign them back to the security team.
sle15 does not include the server module. What's the attack vector?
(In reply to Ludwig Nussel from comment #5)
> sle15 does not include the server module. What's the attack vector?

I can find the buggy function in the SUSE:SLE-15:Update/p11-kit sources. How can I see which modules are enabled in our binary? According to the related GHSA [0], the remote command is also affected, as well as the client library. Could you confirm that this bug is not affecting us?

[0] https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
I will just submit the fix
submitted for SUSE:SLE-15:Update and also the newly forked SUSE:SLE-12-SP5:Update p11-kit

adjusted score to align with NVD
SUSE-SU-2022:2405-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1180065
CVE References: CVE-2020-29362
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): p11-kit-0.23.2-150000.4.16.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): p11-kit-0.23.2-150000.4.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): p11-kit-0.23.2-150000.4.16.1
SUSE Linux Enterprise Micro 5.2 (src): p11-kit-0.23.2-150000.4.16.1
SUSE Linux Enterprise Micro 5.1 (src): p11-kit-0.23.2-150000.4.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2871-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1180065
CVE References: CVE-2020-29362
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): p11-kit-0.23.2-8.10.1
SUSE Linux Enterprise Server 12-SP5 (src): p11-kit-0.23.2-8.10.1
SUSE-SU-2022:2405-2: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1180065
CVE References: CVE-2020-29362
JIRA References:
Sources used:
openSUSE Leap Micro 5.2 (src): p11-kit-0.23.2-150000.4.16.1
*** Bug 1201534 has been marked as a duplicate of this bug. ***