CVE-2019-19479
opensc: Incorrect read operation during parsing of a SETCOS file attribute
Descriptions
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
A problem was detected in OpenSC versions up to 0.19.0 and 0.20.x versions up to 0.20.0-rc3. The file libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
An update that fixes 8 vulnerabilities is now available. This update for opensc fixes the following issues:
- Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string.
- Fixed an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry.
- Fixed an incorrect read operation during parsing of a SETCOS file attribute.
- Fixed an improper free operation in sc_pkcs15_decode_prkdf_entry.
- Fixed a double free in coolkey_free_private_data.
- Fixed a buffer overflow in sc_oberthur_read_file.
- Fixed a stack-based buffer overflow in gemsafe GPK smart card software driver.
- Fixed a stack-based buffer overflow in tcos_decipher.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Timeline
- 2019-12-01 CVE Reserved
- 2019-12-01 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
References (8)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2019/12/29/1 | Mailing List | |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Opensc Project | Opensc | <= 0.19.0 | - | Affected |
Opensc Project | Opensc | 0.20.0 | rc1 | Affected |
Opensc Project | Opensc | 0.20.0 | rc2 | Affected |
Opensc Project | Opensc | 0.20.0 | rc3 | Affected |
Debian | Debian Linux | 8.0 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Fedoraproject | Fedora | 31 | - | Affected |