CVE-2019-19479 – opensc: Incorrect read operation during parsing of a SETCOS file attribute
https://notcve.org/view.php?id=CVE-2019-19479
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/card-setcos.c presenta una operación de lectura incorrecta durante el análisis de un atributo de archivo SETCOS. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-194 • CWE-125: Out-of-bounds Read •
CVE-2019-19481 – opensc: Improper handling of buffer limits for CAC certificates
https://notcve.org/view.php?id=CVE-2019-19481
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/card-cac1.c maneja inapropiadamente los límites del búfer para los certificados CAC. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618 https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-19481 https://bugzilla.redhat.com/show_bug.cgi?id=1782955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-19480
https://notcve.org/view.php?id=CVE-2019-19480
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/pkcs15-prkey.c presenta una operación liberada incorrecta en la función sc_pkcs15_decode_prkdf_entry. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478 https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 • CWE-672: Operation on a Resource after Expiration or Release •
CVE-2019-16058
https://notcve.org/view.php?id=CVE-2019-16058
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. Se descubrió un problema en el componente pam_p11 versiones 0.2.0 y 0.3.0 para OpenSC. Si una tarjeta inteligente crea una firma con una longitud mayor a 256 bytes, esto desencadena un desbordamiento de búfer. • http://www.openwall.com/lists/oss-security/2019/09/12/1 https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-15946 – opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c
https://notcve.org/view.php?id=CVE-2019-15946
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. OpenSC en versiones anteriores a la 0.20.0-rc1 tiene un acceso fuera de los límites de Octet string ASN.1 en asn1_decode_entry en libopensc/asn1.c. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740 https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4 https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-15946 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •