Subject: [ASA-202003-2] opensc: denial of service Arch Linux Security Advisory ASA-202003-2 ========================================= Severity: Medium Date : 2020-03-04 CVE-ID : CVE-2019-6502 CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2019-19480 CVE-2019-19481 Package : opensc Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-1106 Summary ======= The package opensc before version 0.20.0-1 is vulnerable to denial of service. Resolution ========== Upgrade to 0.20.0-1. # pacman -Syu "opensc>=0.20.0-1" The problems have been fixed upstream in version 0.20.0. Workaround ========== None. Description =========== - CVE-2019-6502 (denial of service) sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. - CVE-2019-15945 (denial of service) OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. - CVE-2019-15946 (denial of service) OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. - CVE-2019-19479 (denial of service) An issue was discovered in OpenSC before 0.20.0. libopensc/card- setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. - CVE-2019-19480 (denial of service) An issue was discovered in OpenSC before 0.20.0. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. - CVE-2019-19481 (denial of service) An issue was discovered in OpenSC before 0.20.0. libopensc/card-cac1.c mishandles buffer limits for CAC certificates, leading to an out-of- bounds read. Impact ====== A local attacker is able to crash the application with a malformed certificate. References ========== https://bugs.archlinux.org/task/65082 https://github.com/OpenSC/OpenSC/issues/1586 https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68 https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4 https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478 https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618 https://security.archlinux.org/CVE-2019-6502 https://security.archlinux.org/CVE-2019-15945 https://security.archlinux.org/CVE-2019-15946 https://security.archlinux.org/CVE-2019-19479 https://security.archlinux.org/CVE-2019-19480 https://security.archlinux.org/CVE-2019-19481