CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2016-10109
https://notcve.org/view.php?id=CVE-2016-10109
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. Vulnerabilidad de uso después de liberación en pcsc-lite en versiones anteriores a 1.8.20 permite a atacantes remotos provocar denegación de servicio (caída) a través de un comando que utiliza "cardsList" después de que el manejo haya sido lanzado a través de la función SCardReleaseContext. • http://www.debian.org/security/2017/dsa-3752 http://www.openwall.com/lists/oss-security/2017/01/03/3 http://www.securityfocus.com/bid/95263 http://www.ubuntu.com/usn/USN-3176-1 https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache. • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 35EXPL: 0CVE-2009-4901 – pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages
https://notcve.org/view.php?id=CVE-2009-4901
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. La función MSGFunctionDemarshall en winscard_svc.c en el demonio PC/SC Smart Card (también conocido como PCSCD) en MUSCLE PCSC-Lite anteriores a v1.5.4 podría permitir a usuarios localesprovocar una denegación de servicio (caída del demonio) a través de una mensaje de datos SCARD_SET_ATTRIB manipulado, el cual es deserializado de forma inadecuada provoca una sobrelectura del búfer, es diferente a CVE-2010-0407. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html http://secunia.com/advisories/40140 http://secunia.com/advisories/40239 http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208 http://www.debian.org/security/2010/dsa-2059 http://www.securityfocus.com/bid/40758 http://www.vupen.com/english/advisories/2010/1427 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 35EXPL: 0CVE-2009-4902
https://notcve.org/view.php?id=CVE-2009-4902
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407. Desbordamiento de búfer en la función MSGFunctionDemarshall en winscard_svc.c en el demonio PC/SC Smart Card (también conocido como PCSCD) en MUSCLE PCSC-Lite v1.5.4 y anteriores, podría permitir a usuarios locales ganar privilegios a través de un mensaje de datos SCARF_CONTROL manipulado, que es deserializado de forma inadecuada. NOTA: esta vulnerabilidad existe debido a una corrección incompleta de CVE-2010-0407. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html http://secunia.com/advisories/40140 http://secunia.com/advisories/40239 http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334 http://www.debian.org/security/2010/dsa-2059 http://www.securityfocus.com/bid/40758 http://www.vupen.com/english/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 35EXPL: 0CVE-2010-0407 – pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages
https://notcve.org/view.php?id=CVE-2010-0407
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled. Múltiple desbordamiento de búfer en la función MSGFunctionDemarshall en winscard_svc.c en el demonio PC/SC Smart Card (también conocido como PCSCD) en MUSCLE PCSC-Lite anteriores a v1.5.4, permite a usuarios locales obtener privilegios a través de los datos de un mensaje manipulados, que es deserializado de forma inadecuada. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://secunia.com/advisories/40140 http://secunia.com/advisories&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •