Lucene search

K

Veracode Vulnerability DatabaseVERACODE:21133

HistoryAug 08, 2019 - 12:07 a.m.

Buffer Overflows

2019-08-0800:07:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

EPSS

0.001

Percentile

44.9%

opensc is vulnerable to buffer overflows. It is due to lack of proper handling of responses from ePass 2003 Cards in card-epass2003.c:decrypt_response().

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

access.redhat.com/errata/RHSA-2019:2154

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1656791

bugzilla.redhat.com/show_bug.cgi?id=1672898

github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d

github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1

www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/

EPSS

0.001

Percentile

44.9%

Related for VERACODE:21133

cvelist1 redhatcve1 ubuntucve1 nvd2 prion1 debiancve1 osv3 cve2 alpinelinux1 openvas9 nessus17 suse2 amazon1 redhat1 centos1 oraclelinux1 fedora2 mageia1 debian1