CVE-2026-13757 PUBLISHED

P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing

Assigner: redhat
Reserved: 29.06.2026 Published: 29.06.2026 Updated: 29.06.2026

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.2

Product Status

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected
Vendor Red Hat
Product Red Hat Hardened Images
Versions Default: affected
Vendor Red Hat
Product Red Hat OpenShift Container Platform 4
Versions Default: affected

References

Problem Types

  • Uncontrolled Recursion CWE