Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command in versions 0.21.1 up to 0.23.21, where overflow checks are missing before calling realloc or calloc.
Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command in versions 0.21.1 up to 0.23.21, where overflow checks are missing before calling realloc or calloc.
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 https://github.com/p11-glue/p11-kit/commit/5307a1d21a50cacd06f471a873a018d23ba4b963 https://github.com/p11-glue/p11-kit/commit/bd670b1d4984b27d6a397b9ddafaf89ab26e4e7f