CVE Catalog

CVE-2026-13757

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

A flaw was found in p11-kit where the RPC message attribute parsing functions lack a recursion depth limit when processing nested template attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a crafted request with deeply nested attributes, causing stack exhaustion and crashing the p11-kit server and its dependent services.

Risk Assessment

The risk is a Denial of Service (DoS) attack on systems using p11-kit, potentially disrupting cryptographic services such as certificate management and PKCS#11 token operations.

Recommendation

Immediately update p11-kit to a version that introduces a recursion depth limit for template attributes. If an update is unavailable, restrict access to the p11-kit Unix domain socket to trusted processes only.

Original NVD description (English source)

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS