Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
P11-kit Project
P11-kit Project p11-kit Redhat hardened Images Redhat openshift Container Platform |
|
| Vendors & Products |
P11-kit Project
P11-kit Project p11-kit Redhat hardened Images Redhat openshift Container Platform |
Tue, 30 Jun 2026 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 29 Jun 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services. | |
| Title | P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing | |
| First Time appeared |
Redhat
Redhat enterprise Linux Redhat hummingbird Redhat openshift |
|
| Weaknesses | CWE-674 | |
| CPEs | cpe:/a:redhat:hummingbird:1 cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux Redhat hummingbird Redhat openshift |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-06-29T19:33:29.359Z
Reserved: 2026-06-29T17:43:59.500Z
Link: CVE-2026-13757
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T10:03:48Z