CVE-2019-20792

Опубликовано: 29 апр. 2020

Источник: debian

Описание

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

Пакет	Статус	Версия исправления	Релиз	Тип
opensc	fixed	0.20.0-1		package
opensc	fixed	0.19.0-1+deb10u1	buster	package
opensc	not-affected		stretch	package
opensc	postponed		jessie	package

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4

CVE-2019-20792

CVSS3: 6.8

ubuntu

почти 6 лет назад

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

CVE-2019-20792

CVSS3: 6.4

redhat

около 6 лет назад

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

CVE-2019-20792

CVSS3: 6.8

nvd

почти 6 лет назад

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

GHSA-m2w8-wqfw-qchx

github

больше 3 лет назад

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

ELSA-2020-4483

oracle-oval

около 5 лет назад

ELSA-2020-4483: opensc security, bug fix, and enhancement update (MODERATE)