Integer overflow when allocating memory for arrays of attributes and object identifiers

Impact

Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

Patches

The upstream 0.23.22 release should fix the issue, by using reallocarray more extensively.

Workarounds

None.

References

None.

For more information

If you have any questions or comments about this advisory:

Open an issue in p11-kit project
Email us at p11-glue mailing list

If the questions should be treated confidential, follow our security policy to reach out to us.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Integer overflow when allocating memory for arrays of attributes and object identifiers

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

References

For more information

Severity

CVE ID

Weaknesses

Credits