CVE-2010-4531
pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) decoder
Public Exploits: 0
Exploited in Wild: -
Descriptions
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
Timeline
- 2010-12-09 CVE Reserved
- 2011-01-18 CVE Published
- 2023-09-08 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-121: Stack-based Buffer Overflow
References (19)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/43112 | Third Party Advisory | |
http://www.securityfocus.com/bid/45450 | VDB Entry | |
http://www.vupen.com/english/advisories/2011/0180 | VDB Entry | |
http://www.vupen.com/english/advisories/2011/0256 | VDB Entry | |