CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26571 – opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init
https://notcve.org/view.php?id=CVE-2020-26571
06 Oct 2020 — The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. El controlador de software de la tarjeta inteligente gemsafe GPK en OpenSC versiones anteriores a 0.21.0-rc1, presenta un desbordamiento en la región stack de la memoria en la función sc_pkcs15emu_gemsafeGPK_init An update that fixes 8 vulnerabilities is now available. This update for opensc fixes the following issues. Fixed an out-of-bounds access of an ASN.1 Bitstring i... • http://www.openwall.com/lists/oss-security/2020/11/24/4 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26572 – opensc: stack-based buffer overflow in tcos_decipher
https://notcve.org/view.php?id=CVE-2020-26572
06 Oct 2020 — The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. El controlador de software de la tarjeta inteligente TCOS en OpenSC versiones anteriores a 0.21.0-rc1, presenta un desbordamiento en la región stack de la memoria en la función tcos_decipher An update that fixes 8 vulnerabilities is now available. This update for opensc fixes the following issues. Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string. Fixed an out-of-bounds ... • http://www.openwall.com/lists/oss-security/2020/11/24/4 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20792 – opensc: Double free in coolkey_free_private_data in libopensc/card-coolkey.c
https://notcve.org/view.php?id=CVE-2019-20792
29 Apr 2020 — OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. OpenSC versiones anteriores a 0.20.0, tiene una vulnerabilidad de doble liberación en la función coolkey_free_private_data porque la función coolkey_add_object en el archivo libopensc/card-coolkey.c carece de una comprobación de unicidad. A use-after-free vulnerability was discovered in OpenSC while disconnecting a smart card. This flaw allows a physical attack... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19479 – opensc: Incorrect read operation during parsing of a SETCOS file attribute
https://notcve.org/view.php?id=CVE-2019-19479
01 Dec 2019 — An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/card-setcos.c presenta una operación de lectura incorrecta durante el análisis de un atributo de archivo SETCOS. An update that fixes 8 vulnerabilities is now available. This update for opensc fixes the following issues... • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 1CVE-2019-19480 – openSUSE Security Advisory - openSUSE-SU-2021:0565-1
https://notcve.org/view.php?id=CVE-2019-19480
01 Dec 2019 — An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/pkcs15-prkey.c presenta una operación liberada incorrecta en la función sc_pkcs15_decode_prkdf_entry. An update that fixes 8 vulnerabilities is now available. This update for opensc fixes the following issues. • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15946 – opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c
https://notcve.org/view.php?id=CVE-2019-15946
05 Sep 2019 — OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. OpenSC en versiones anteriores a la 0.20.0-rc1 tiene un acceso fuera de los límites de Octet string ASN.1 en asn1_decode_entry en libopensc/asn1.c. An update that fixes 8 vulnerabilities is now available. This update for opensc fixes the following issues. Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string. • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15945 – opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c
https://notcve.org/view.php?id=CVE-2019-15945
05 Sep 2019 — OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. OpenSC en versiones anteriores a la 0.20.0-rc1 tiene un acceso fuera de límites de una Bitstring ASN.1 en decode_bit_string en libopensc/asn1.c. An update that fixes 8 vulnerabilities is now available. This update for opensc fixes the following issues. Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string. • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16424
https://notcve.org/view.php?id=CVE-2018-16424
04 Sep 2018 — A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas en read_file en tools/egk-tool.c (también conocido como herramienta de tarjetas eGK) en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes para p... • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063 • CWE-415: Double Free •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16425
https://notcve.org/view.php?id=CVE-2018-16425
04 Sep 2018 — A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas de una HSM Card en sc_pkcs15emu_sc_hsm_init en libopensc/pkcs15-sc-hsm.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes p... • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5 • CWE-415: Double Free •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16418 – opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str()
https://notcve.org/view.php?id=CVE-2018-16418
04 Sep 2018 — A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Un desbordamiento de búfer al manejar la concatenación de cadenas en util_acl_to_str en tools/util.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleado por atacantes para proporcionar smartcards manipuladas para provocar una... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •