CVE-2010-4530

CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards

Severity Score

4.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.

Error de signo en ccid_serial.c para libccid en el controlador USB Chip/Smart Card Interface Devices (CCID), tal como se utiliza en pcscd para PCSC-Lite v1.5.3 y posiblemente otros productos, permite a atacantes físicamente próximos ejecutar código arbitrario a través de una tarjeta inteligente con un número de serie manipulado que hace que un valor negativo pueda ser utilizado en una operación memcpy, que provoca un desbordamiento de búfer. NOTA: algunas fuentes se refieren a este problema como un desbordamiento de enteros.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-12-09 CVE Reserved
2011-01-18 CVE Published
2023-09-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound

CAPEC

References (14)

URL	Tag	Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2010/12/22/7	Mailing List
http://www.openwall.com/lists/oss-security/2011/01/03/3	Mailing List
http://www.securityfocus.com/bid/45806	Vdb Entry
http://www.vupen.com/english/advisories/2011/0179	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/64961	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=664986	2013-09-30

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2013-1323.html	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2011:014	2023-11-07
http://www.vupen.com/english/advisories/2011/0100	2023-11-07
https://access.redhat.com/security/cve/CVE-2010-4530	2013-09-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Muscle Search vendor "Muscle"		Pcsc-lite Search vendor "Muscle" for product "Pcsc-lite"				1.5.3 Search vendor "Muscle" for product "Pcsc-lite" and version "1.5.3"		-		Affected