AVG-1106 log

Package opensc
Status Fixed
Severity Medium
Type denial of service
Affected 0.19.0-2
Fixed 0.20.0-1
Current 0.26.0-4 [extra]
Ticket FS#65082
Created Tue Mar 3 08:30:48 2020
Issue Severity Remote Type Description
CVE-2019-19481 Medium No Denial of service
An issue was discovered in OpenSC before 0.20.0. libopensc/card-cac1.c mishandles buffer limits for CAC certificates, leading to an out-of- bounds read.
CVE-2019-19480 Medium No Denial of service
An issue was discovered in OpenSC before 0.20.0. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 Medium No Denial of service
An issue was discovered in OpenSC before 0.20.0. libopensc/card- setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVE-2019-15946 Medium No Denial of service
OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVE-2019-15945 Medium No Denial of service
OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVE-2019-6502 Medium No Denial of service
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
Date Advisory Package Type
04 Mar 2020 ASA-202003-2 opensc denial of service