CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16423 – opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr()
https://notcve.org/view.php?id=CVE-2018-16423
04 Sep 2018 — A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una Smartcard en sc_file_set_sec_attr en libopensc/sc.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por atacantes para proporcionar smartcards ma... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-415: Double Free •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16424
https://notcve.org/view.php?id=CVE-2018-16424
04 Sep 2018 — A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas en read_file en tools/egk-tool.c (también conocido como herramienta de tarjetas eGK) en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes para p... • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063 • CWE-415: Double Free •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16425
https://notcve.org/view.php?id=CVE-2018-16425
04 Sep 2018 — A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas de una HSM Card en sc_pkcs15emu_sc_hsm_init en libopensc/pkcs15-sc-hsm.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes p... • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5 • CWE-415: Double Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16426 – opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
https://notcve.org/view.php?id=CVE-2018-16426
04 Sep 2018 — Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. Una recursión infinita al manejar las respuestas de una tarjeta IAS-ECC en iasecc_select_file en libopensc/card-iasecc.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes para proporcionar smartcards manipuladas para provocar... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-674: Uncontrolled Recursion •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16420 – opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response()
https://notcve.org/view.php?id=CVE-2018-16420
04 Sep 2018 — Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una ePass 2003 Card en decrypt_response en libopensc/card-epass2003.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por a... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16422 – opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init()
https://notcve.org/view.php?id=CVE-2018-16422
04 Sep 2018 — A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Un desbordamiento de búfer por único byte al manejar las respuestas de una esteid Card en sc_pkcs15emu_esteid_init en libopensc/pkcs15-esteid.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16418 – opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str()
https://notcve.org/view.php?id=CVE-2018-16418
04 Sep 2018 — A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Un desbordamiento de búfer al manejar la concatenación de cadenas en util_acl_to_str en tools/util.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleado por atacantes para proporcionar smartcards manipuladas para provocar una... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16392 – opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file()
https://notcve.org/view.php?id=CVE-2018-16392
03 Sep 2018 — Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una TCOS Card en tcos_select_file en libopensc/card-tcos.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por atacantes para proporcio... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16393 – opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len()
https://notcve.org/view.php?id=CVE-2018-16393
03 Sep 2018 — Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una Smartcard Gemsafe V1 en gemsafe_get_cert_len en libopensc/pkcs15-gemsafeV1.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16391 – opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files()
https://notcve.org/view.php?id=CVE-2018-16391
03 Sep 2018 — Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una Muscle Card en muscle_list_files en libopensc/card-muscle.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por atacantes para... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •