Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for p11-kit (EulerOS-SA-2021-1015)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2021.1015

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for p11-kit (EulerOS-SA-2021-1015)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS 'p11-kit' package(s) announced via the EulerOS-SA-2021-1015 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS 'p11-kit' package(s) announced via the EulerOS-SA-2021-1015 advisory.

Vulnerability Insight:
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.(CVE-2020-29361)

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.(CVE-2020-29362)

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.(CVE-2020-29363)

Affected Software/OS:
'p11-kit' package(s) on Huawei EulerOS V2.0SP9(x86_64).

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-29361
Common Vulnerability Exposure (CVE) ID: CVE-2020-29362
Common Vulnerability Exposure (CVE) ID: CVE-2020-29363

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2021.1015
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for p11-kit (EulerOS-SA-2021-1015)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'p11-kit' package(s) announced via the EulerOS-SA-2021-1015 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'p11-kit' package(s) announced via the EulerOS-SA-2021-1015 advisory. Vulnerability Insight: An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.(CVE-2020-29361) An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.(CVE-2020-29362) An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.(CVE-2020-29363) Affected Software/OS: 'p11-kit' package(s) on Huawei EulerOS V2.0SP9(x86_64). Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-29361 Common Vulnerability Exposure (CVE) ID: CVE-2020-29362 Common Vulnerability Exposure (CVE) ID: CVE-2020-29363
Copyright	Copyright (C) 2021 Greenbone Networks GmbH