CVE-2019-19480
https://notcve.org/view.php?id=CVE-2019-19480
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
• http://www.openwall.com/lists/oss-security/2019/12/29/1
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
• https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5
• CWE-672: Operation on a Resource after Expiration or Release
CVE-2019-16058
https://notcve.org/view.php?id=CVE-2019-16058
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.
• http://www.openwall.com/lists/oss-security/2019/09/12/1
• https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-15946 – opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c
https://notcve.org/view.php?id=CVE-2019-15946
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
• http://www.openwall.com/lists/oss-security/2019/12/29/1
• https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
• https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4
• https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
• https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5
• https://access.redhat.com/security/cve/CVE-2019-15946
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-15945 – opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c
https://notcve.org/view.php?id=CVE-2019-15945
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
• http://www.openwall.com/lists/oss-security/2019/12/29/1
• https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
• https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4
• https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
• https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5
• https://access.redhat.com/security/cve/CVE-2019-15945
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-6502
https://notcve.org/view.php?id=CVE-2019-6502
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
• http://www.openwall.com/lists/oss-security/2019/12/29/1
• https://github.com/OpenSC/OpenSC/issues/1586
• https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html
• CWE-401: Missing Release of Memory after Effective Lifetime