Veracode Vulnerability DatabaseVERACODE:22097Denial Of Service (DoS)
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
libopenSC is susceptible to denial of service (DoS) attack. The vulnerability exists because libopensc/pkcs15-prkey.c freed memory incorrectly after the failure in the function sc_pkcs15_decode_prkdf_entry, leading to mishandling of the buffer limits for CAC certificates and an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libopensc.so | le | 8.0.0 |
References
www.openwall.com/lists/oss-security/2019/12/29/1
bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
bugzilla.suse.com/show_bug.cgi?id=1158307
github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
github.com/OpenSC/OpenSC/compare/62049ea18c622fe96bcbe3664f1b3f5f95f878cc...6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
lists.fedoraproject.org/archives/list/[email protected]/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/
Related
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P