Veracode Vulnerability DatabaseVERACODE:18294Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
libcacard is vulnerable to denial of service. Attackers with local access could cause a system hang using excessive consumption of memory. The vulnerability exists in the function vcard_apdu_new of the file card_7816.c and exploitable via vectors related to allocating a new APDU object.
References
www.openwall.com/lists/oss-security/2017/03/01/11
www.securityfocus.com/bid/96541
access.redhat.com/errata/RHSA-2017:2408
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1427833
bugzilla.redhat.com/show_bug.cgi?id=1459661
bugzilla.redhat.com/show_bug.cgi?id=1459663
bugzilla.redhat.com/show_bug.cgi?id=1459664
bugzilla.redhat.com/show_bug.cgi?id=1459666
bugzilla.redhat.com/show_bug.cgi?id=1459667
bugzilla.redhat.com/show_bug.cgi?id=1459668
cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
cgit.freedesktop.org/spice/libcacard/tree/NEWS?id=aaa5251791bf0b1640afcba77a7d79ea23c42d53
Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C