CVE-2020-29361 – CVE-2020-29361 is an integer overflow vulnerabi... (How to Fix)

Q: What is the severity of CVE-2020-29361?

CVE-2020-29361 has a CVSS score of 7.5 (HIGH). CVE-2020-29361 is an integer overflow vulnerability in p11-kit library versions 0.21.1 through 0.23.21. Missing overflow checks before memory allocation functions allow attackers to cause heap-based buffer overflows, potentially leading to arbitrary code execution. Systems using p11-kit for PKCS#11 cryptographic operations are affected.

📋 TL;DR

CVE-2020-29361 is an integer overflow vulnerability in p11-kit library versions 0.21.1 through 0.23.21. Missing overflow checks before memory allocation functions allow attackers to cause heap-based buffer overflows, potentially leading to arbitrary code execution. Systems using p11-kit for PKCS#11 cryptographic operations are affected.

💻 Affected Systems

Products:

p11-kit

Versions: 0.21.1 through 0.23.21

Operating Systems: Linux distributions including Debian, Ubuntu, Red Hat, CentOS

Default Config Vulnerable: ⚠️ Yes

Notes: Any application linking against vulnerable p11-kit libraries is affected. Common in systems using PKCS#11 for hardware security modules or smart cards.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the process using p11-kit, potentially leading to full system compromise.

🟠

Likely Case

Denial of service through application crashes or memory corruption.

🟢

If Mitigated

Limited impact if proper memory protections (ASLR, DEP) are enabled and the process runs with minimal privileges.

🌐 Internet-Facing: MEDIUM - Exploitation requires specific conditions but could affect services using p11-kit for TLS/SSL operations.

🏢 Internal Only: MEDIUM - Internal applications using p11-kit for cryptographic operations could be vulnerable to privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific code paths in p11-kit with carefully crafted input. No public exploits have been documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.23.22 or later

Vendor Advisory: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2

Restart Required: Yes

Instructions:

1. Update p11-kit package using your distribution's package manager. 2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade p11-kit. 3. For RHEL/CentOS: sudo yum update p11-kit. 4. Restart affected services or reboot system.

🔧 Temporary Workarounds

Disable vulnerable functionality

linux

If p11-kit features are not essential, disable PKCS#11 module loading in applications.

Configure applications to not use p11-kit modules via their configuration files

🧯 If You Can't Patch

Implement strict network controls to limit access to services using p11-kit
Run applications with minimal privileges and enable memory protection mechanisms (ASLR, DEP)

🔍 How to Verify

Check if Vulnerable:

Check p11-kit version: p11-kit --version

Check Version:

p11-kit --version

Verify Fix Applied:

Verify version is 0.23.22 or higher: p11-kit --version | grep -E '0\.23\.2[2-9]|0\.2[4-9]|1\.[0-9]'

📡 Detection & Monitoring

Log Indicators:

Application crashes with segmentation faults in p11-kit related processes
Memory corruption errors in system logs

Network Indicators:

Unusual network connections from services using p11-kit

SIEM Query:

process.name:p11-kit AND (event.action:crash OR event.outcome:failure)

📊 Metadata

CVE ID: CVE-2020-29361

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-190

Published: December 16, 2020

Last Updated: November 21, 2024

🔗 References

https://github.com/p11-glue/p11-kit/releases Release Notes,Third Party Advisory
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html Mailing List,Third Party Advisory
https://www.debian.org/security/2021/dsa-4822 Third Party Advisory
https://github.com/p11-glue/p11-kit/releases Release Notes,Third Party Advisory
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 Third Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html Mailing List,Third Party Advisory
https://www.debian.org/security/2021/dsa-4822 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-29361, you might also want to check these: