A flaw was found in p11-kit. A remote attacker could...
Moderate severity
Unreviewed
Published
Mar 26, 2026
to the GitHub Advisory Database
•
Updated Jul 7, 2026
Description
Published by the National Vulnerability Database
Mar 26, 2026
Published to the GitHub Advisory Database
Mar 26, 2026
Last updated
Jul 7, 2026
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
References