CVE-2026-13757
MediumCVSS 6.2Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A flaw was found in p11-kit where the RPC message attribute parsing functions lack a recursion depth limit when processing nested template attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a crafted request with deeply nested attributes, causing stack exhaustion and crashing the p11-kit server and its dependent services.
Risk Assessment
The risk is a Denial of Service (DoS) attack on systems using p11-kit, potentially disrupting cryptographic services such as certificate management and PKCS#11 token operations.
Recommendation
Immediately update p11-kit to a version that introduces a recursion depth limit for template attributes. If an update is unavailable, restrict access to the p11-kit Unix domain socket to trusted processes only.
Original NVD description (English source)
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.

