Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-19481

Опубликовано: 01 дек. 2019
Источник: debian

Описание

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openscfixed0.19.0~rc1-1package
openscnot-affectedstretchpackage
openscnot-affectedjessiepackage

Примечания

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618

  • CAC support added in: https://github.com/OpenSC/OpenSC/commit/777e2a3751e3f6d53f056c98e9e20e42af674fb1 (0.17.0-rc1)

  • Drop support of CAC1: https://github.com/OpenSC/OpenSC/commit/2190bb927c739852266481d6517aaf3a07b52526 (0.19.0-rc1)

  • Restored minimal CAC1 driver support: https://github.com/OpenSC/OpenSC/commit/e2b1fb81e0e1339eebaa36fb90635e03f69d4da3 (0.20.0-rc1)

  • https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278

  • Mark 0.19.0~rc1 based version as fixed which removed the affected code, which

  • later was re-introduced upstream in 0.20.0~rc1 again.

Связанные уязвимости

ubuntu логотип

CVE-2019-19481

CVSS3: 4.6
ubuntu
около 6 лет назад

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

redhat логотип

CVE-2019-19481

CVSS3: 4.6
redhat
больше 6 лет назад

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

nvd логотип

CVE-2019-19481

CVSS3: 4.6
nvd
около 6 лет назад

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

github логотип

GHSA-99x7-636q-6hvj

github
больше 3 лет назад

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

oracle-oval логотип

ELSA-2020-4483

oracle-oval
около 5 лет назад

ELSA-2020-4483: opensc security, bug fix, and enhancement update (MODERATE)