CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6502
https://notcve.org/view.php?id=CVE-2019-6502
22 Jan 2019 — sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. En la versión 0.19.0 de OpenSC, sc_context_create en ctx.c en libopensc tiene una fuga de memoria, tal y como queda demostrado con una llamada desde eidenv. • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16418 – opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str()
https://notcve.org/view.php?id=CVE-2018-16418
04 Sep 2018 — A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Un desbordamiento de búfer al manejar la concatenación de cadenas en util_acl_to_str en tools/util.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleado por atacantes para proporcionar smartcards manipuladas para provocar una... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16419 – opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key()
https://notcve.org/view.php?id=CVE-2018-16419
04 Sep 2018 — Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una tarjeta Cryptoflex en read_public_key en tools/cryptoflex-tool.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por atacant... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16420 – opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response()
https://notcve.org/view.php?id=CVE-2018-16420
04 Sep 2018 — Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una ePass 2003 Card en decrypt_response en libopensc/card-epass2003.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por a... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16421 – opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID()
https://notcve.org/view.php?id=CVE-2018-16421
04 Sep 2018 — Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una CAC Card en cac_get_serial_nr_from_CUID en libopensc/card-cac.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por atacan... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16422 – opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init()
https://notcve.org/view.php?id=CVE-2018-16422
04 Sep 2018 — A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Un desbordamiento de búfer por único byte al manejar las respuestas de una esteid Card en sc_pkcs15emu_esteid_init en libopensc/pkcs15-esteid.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16423 – opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr()
https://notcve.org/view.php?id=CVE-2018-16423
04 Sep 2018 — A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una Smartcard en sc_file_set_sec_attr en libopensc/sc.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por atacantes para proporcionar smartcards ma... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-415: Double Free •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16424
https://notcve.org/view.php?id=CVE-2018-16424
04 Sep 2018 — A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas en read_file en tools/egk-tool.c (también conocido como herramienta de tarjetas eGK) en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes para p... • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063 • CWE-415: Double Free •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16425
https://notcve.org/view.php?id=CVE-2018-16425
04 Sep 2018 — A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas de una HSM Card en sc_pkcs15emu_sc_hsm_init en libopensc/pkcs15-sc-hsm.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes p... • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5 • CWE-415: Double Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16426 – opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
https://notcve.org/view.php?id=CVE-2018-16426
04 Sep 2018 — Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. Una recursión infinita al manejar las respuestas de una tarjeta IAS-ECC en iasecc_select_file en libopensc/card-iasecc.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes para proporcionar smartcards manipuladas para provocar... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-674: Uncontrolled Recursion •