Описание
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | released | 0.20.0-3ubuntu0.1~esm4 |
| esm-apps/jammy | released | 0.22.0-1ubuntu2+esm1 |
| esm-apps/noble | released | 0.25.0~rc1-1ubuntu0.1~esm1 |
| esm-apps/xenial | not-affected | code not present |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| noble | needed | |
| oracular | released | 0.25.1-2ubuntu1.1 |
Показывать по
2.9 Low
CVSS3
Связанные уязвимости
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
A heap-based buffer overflow vulnerability was found in the libopensc ...
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
Уязвимость функции openpgp_generate_key_rsa() утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код
2.9 Low
CVSS3