
Integer overflow when allocating memory for arrays of attributes and object identifiers

Moderate
ueno published GHSA-q4r3-hm6m-mvc2 Dec 11, 2020

Package

No package listed

Affected versions

0.21.1 to 0.23.21

Patched versions

0.23.22

Description

Impact

Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

Patches

The upstream 0.23.22 release should fix the issue by using reallocarray more extensively.
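The following added example (not p11-kit's own code) shows the unchecked count * size computation next to an overflow-checked helper that follows the reallocarray() contract. The struct attr type and all function names are hypothetical stand-ins constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for an attribute record; not p11-kit's real type. */
struct attr {
    unsigned long type;
    void *value;
    unsigned long value_len;
};

/* Unchecked size computation: count * size wraps modulo SIZE_MAX + 1,
 * so a huge count yields a small byte total and an undersized buffer. */
size_t unchecked_bytes(size_t count, size_t size)
{
    return count * size;
}

/* Same contract as reallocarray(): NULL with errno = ENOMEM, and ptr
 * left untouched, when count * size does not fit in size_t. */
void *checked_reallocarray(void *ptr, size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, count * size);
}

/* Grow an attribute array by one; returns 0 on success, -1 on failure. */
int attrs_append(struct attr **attrs, size_t *count, struct attr add)
{
    struct attr *grown;
    if (*count == SIZE_MAX)   /* count + 1 itself would wrap */
        return -1;
    grown = checked_reallocarray(*attrs, *count + 1, sizeof(struct attr));
    if (grown == NULL)
        return -1;            /* original array is still valid */
    grown[*count] = add;
    *attrs = grown;
    *count += 1;
    return 0;
}

int main(void)
{
    size_t huge = SIZE_MAX / sizeof(struct attr) + 1;
    /* exit status 0 when the wrapping request is refused */
    return checked_reallocarray(NULL, huge, sizeof(struct attr)) != NULL;
}
```

On platforms that provide reallocarray(), calling it directly gives the same check without a local helper.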

Workarounds

None.

References

None.

For more information

If you have any questions or comments about this advisory:

If the questions should be treated as confidential, follow our security policy to reach out to us.

Severity

Moderate

CVE ID

CVE-2020-29361

Weaknesses

No CWEs

Credits