
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash programs that use the opensc library.

References:
• https://access.redhat.com/errata/RHSA-2019:2154
• https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54
• https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
• https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
• https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC
• https://access.redhat.com/security/cve/CVE-2018-16426
• https://bugzilla.redhat.com/show_bug.cgi?id=1628044

Weaknesses:
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-674: Uncontrolled Recursion

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Various out-of-bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash programs that use the opensc library.

References:
• https://access.redhat.com/errata/RHSA-2019:2154
• https://github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744fa
• https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
• https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
• https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC
• https://access.redhat.com/security/cve/CVE-2018-16427
• https://bugzilla.redhat.com/show_bug.cgi?id=1628052

Weaknesses:
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-125: Out-of-bounds Read

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

References:
• https://access.redhat.com/errata/RHSA-2019:2154
• https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536
• https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
• https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
• https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC
• https://access.redhat.com/security/cve/CVE-2018-16391
• https://bugzilla.redhat.com/show_bug.cgi?id=1627998

Weaknesses:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

References:
• https://access.redhat.com/errata/RHSA-2019:2154
• https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b2a356323a9ff2024d041cf2d7e89dd3
• https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
• https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
• https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC
• https://access.redhat.com/security/cve/CVE-2018-16392
• https://bugzilla.redhat.com/show_bug.cgi?id=1628002

Weaknesses:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

References:
• https://access.redhat.com/errata/RHSA-2019:2154
• https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad
• https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
• https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
• https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC
• https://access.redhat.com/security/cve/CVE-2018-16393
• https://bugzilla.redhat.com/show_bug.cgi?id=1628006

Weaknesses:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')