opensc

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Tools and libraries for smart cards
Version 0.20.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1106 0.19.0-2 0.20.0-1 Medium Fixed FS#65082
Issue Group Severity Remote Type Description
CVE-2019-19481 AVG-1106 Medium No Denial of service
An issue was discovered in OpenSC before 0.20.0. libopensc/card-cac1.c mishandles buffer limits for CAC certificates, leading to an out-of- bounds read.
CVE-2019-19480 AVG-1106 Medium No Denial of service
An issue was discovered in OpenSC before 0.20.0. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 AVG-1106 Medium No Denial of service
An issue was discovered in OpenSC before 0.20.0. libopensc/card- setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVE-2019-15946 AVG-1106 Medium No Denial of service
OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVE-2019-15945 AVG-1106 Medium No Denial of service
OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVE-2019-6502 AVG-1106 Medium No Denial of service
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

Advisories

Date Advisory Group Severity Description
04 Mar 2020 ASA-202003-2 AVG-1106 Medium denial of service