Description
Security update for opensc
This update for opensc fixes the following issues:
- CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).
Package list
SUSE Linux Enterprise Micro 5.1
opensc-0.19.0-150100.3.22.1
SUSE Linux Enterprise Micro 5.2
opensc-0.19.0-150100.3.22.1
SUSE Linux Enterprise Real Time 15 SP3
opensc-0.19.0-150100.3.22.1
References
- Link for SUSE-SU-2023:2508-1
- E-Mail link for SUSE-SU-2023:2508-1
- SUSE Security Ratings
- SUSE Bug 1211894
- SUSE CVE CVE-2023-2977 page
Description
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where the remaining length is wrongly calculated due to a moved starting pointer. This leads to a possible heap-based buffer OOB read. In cases where ASAN is enabled while compiling, this causes a crash. Further info leak or more damage is possible.
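The length-accounting mistake described above, shown as an added illustration that is not OpenSC's code: a bounded two-level tag scan whose remaining length is derived from how far the cursor actually moved, next to the miscalculation pattern. The TLV encoding (one-byte tag, one-byte length), the tag values, the function names and the sample buffer are all constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: one unrelated record, then two outer (0xA0) records; tags are arbitrary. */
static const uint8_t SAMPLE[] = { 0x30, 0x02, 0xAA, 0xBB, 0xA0, 0x03, 0x80, 0x01, 0x05,
                                  0xA0, 0x02, 0x81, 0x00 };

/* Bounded search over 1-byte-tag/1-byte-length TLVs; never reads past buf+len. */
static const uint8_t *find_tag(const uint8_t *buf, size_t len, uint8_t tag, size_t *vlen)
{
    size_t off = 0;
    while (len - off >= 2) {
        size_t l = buf[off + 1];
        if (l > len - off - 2)
            return NULL;                 /* declared length overruns the buffer */
        if (buf[off] == tag) { *vlen = l; return buf + off + 2; }
        off += 2 + l;
    }
    return NULL;
}

/* Bug pattern: shrinks len by "header + value" only, ignoring records skipped before the match. */
size_t remaining_buggy(const uint8_t *buf, size_t len, uint8_t outer)
{
    size_t vlen = 0;
    return find_tag(buf, len, outer, &vlen) ? len - (vlen + 2) : 0;
}

/* Hardened loop: counts outer records that contain the inner tag. */
int count_outer_with_inner(const uint8_t *buf, size_t len, uint8_t outer, uint8_t inner)
{
    const uint8_t *p = buf, *v;
    size_t vlen = 0, ilen = 0;
    int hits = 0;
    while (len > 0 && (v = find_tag(p, len, outer, &vlen)) != NULL) {
        if (find_tag(v, vlen, inner, &ilen) != NULL) hits++;
        v += vlen;                       /* step over the outer value */
        len -= (size_t)(v - p);          /* exact distance moved, never more than len */
        p = v;
    }
    return hits;
}

int main(void)
{
    printf("buggy remaining=%zu (true: 4), hits=%d\n", remaining_buggy(SAMPLE, sizeof SAMPLE, 0xA0),
           count_outer_with_inner(SAMPLE, sizeof SAMPLE, 0xA0, 0x80));
    return 0;
}
```

On the sample, the buggy calculation reports 8 bytes remaining when only 4 lie between the cursor and the end of the buffer, which is the kind of overshoot that turns the next search into an out-of-bounds read.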
Affected products
SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.22.1
SUSE Linux Enterprise Micro 5.2:opensc-0.19.0-150100.3.22.1
SUSE Linux Enterprise Real Time 15 SP3:opensc-0.19.0-150100.3.22.1
References
- CVE-2023-2977
- SUSE Bug 1211894