CVE-2023-2977

2023-06-0101:15:17

Debian Security Bug Tracker

security-tracker.debian.org

opensc

buffer overrun

pkcs15 cardos_have_verifyrc_package

asn1 context

smart card package

heap-based buffer

crash

information leak

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

OSVersionArchitecturePackageVersionFilename
Debian12allopensc< 0.23.0-0.3opensc_0.23.0-0.3_all.deb
Debian11allopensc<= 0.21.0-1opensc_0.21.0-1_all.deb
Debian10allopensc< 0.19.0-1+deb10u2opensc_0.19.0-1+deb10u2_all.deb
Debian999allopensc< 0.23.0-0.3opensc_0.23.0-0.3_all.deb
Debian13allopensc< 0.23.0-0.3opensc_0.23.0-0.3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	opensc	< 0.23.0-0.3	opensc_0.23.0-0.3_all.deb
Debian	11	all	opensc	<= 0.21.0-1	opensc_0.21.0-1_all.deb
Debian	10	all	opensc	< 0.19.0-1+deb10u2	opensc_0.19.0-1+deb10u2_all.deb
Debian	999	all	opensc	< 0.23.0-0.3	opensc_0.23.0-0.3_all.deb
Debian	13	all	opensc	< 0.23.0-0.3	opensc_0.23.0-0.3_all.deb