Page 4 of 36 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-16058

https://notcve.org/view.php?id=CVE-2019-16058

An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. Se descubrió un problema en el componente pam_p11 versiones 0.2.0 y 0.3.0 para OpenSC. Si una tarjeta inteligente crea una firma con una longitud mayor a 256 bytes, esto desencadena un desbordamiento de búfer. • http://www.openwall.com/lists/oss-security/2019/09/12/1 https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-15946 – opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c

https://notcve.org/view.php?id=CVE-2019-15946

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. OpenSC en versiones anteriores a la 0.20.0-rc1 tiene un acceso fuera de los límites de Octet string ASN.1 en asn1_decode_entry en libopensc/asn1.c. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740 https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4 https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-15946 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-15945 – opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c

https://notcve.org/view.php?id=CVE-2019-15945

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. OpenSC en versiones anteriores a la 0.20.0-rc1 tiene un acceso fuera de límites de una Bitstring ASN.1 en decode_bit_string en libopensc/asn1.c. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68 https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4 https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-15945 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-16425

https://notcve.org/view.php?id=CVE-2018-16425

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas de una HSM Card en sc_pkcs15emu_sc_hsm_init en libopensc/pkcs15-sc-hsm.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes para proporcionar smartcards manipuladas para provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar. • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5 https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC • CWE-415: Double Free •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-16424

https://notcve.org/view.php?id=CVE-2018-16424

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Una doble liberación (double free) al manejar las respuestas en read_file en tools/egk-tool.c (también conocido como herramienta de tarjetas eGK) en OpenSC en versiones anteriores a la 0.19.0-rc1 podría ser empleada por atacantes para proporcionar smartcards manipuladas para provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar. • https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063 https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC • CWE-415: Double Free •