Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2019-20792
HistoryMay 20, 2020 - 9:25 a.m.

CVE-2019-20792

2020-05-2009:25:35
redhat.com
access.redhat.com
16

EPSS

0.001

Percentile

48.5%

JSON

A use-after-free vulnerability was discovered in OpenSC while disconnecting a smart card. This flaw allows a physical attacker to exploit this vulnerability by inserting and removing a malicious smart card, handled by the coolkey driver, that could potentially execute code on the target system, with privileges that depend on the particular configuration and system that makes use of the OpenSC library.

Mitigation

If the coolkey driver is not necessary for the configuration and system in use, it is possible to disable it by not listing it in the /etc/opensc.conf file.
For example:

app default {  
   card_drivers = cac, cac1, PIV-II;  
}

Related

nvd 1
cve 1
veracode 1
debiancve 1
ubuntucve 1
cvelist 1
osv 2
prion 1
openvas 4
nessus 12
redhat 1
oraclelinux 1
almalinux 1
amazon 1
suse 1
rosalinux 1
nvd
nvd
CVE-2019-20792
2020-04-29 04:15:17
cve
cve
CVE-2019-20792
2020-04-29 04:15:17
veracode
veracode
Double Free
2020-11-05 03:10:22
debiancve
debiancve
CVE-2019-20792
2020-04-29 04:15:17
ubuntucve
ubuntucve
CVE-2019-20792
2020-04-29 00:00:00
cvelist
cvelist
CVE-2019-20792
2020-04-29 03:53:57
osv
osv
opensc-0.22.0-3.1 on GA media
2024-06-15 00:00:00
CVE-2019-20792
2020-04-29 04:15:17
prion
prion
Double free
2020-04-29 04:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for opensc (EulerOS-SA-2022-1752)
2022-05-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1168-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for opensc (openSUSE-SU-2021:0565-1)
2021-04-17 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : opensc (EulerOS-SA-2022-1752)
2022-05-26 00:00:00
AlmaLinux 8 : opensc (ALSA-2020:4483)
2022-02-09 00:00:00
RHEL 8 : opensc (RHSA-2020:4483)
2020-11-04 00:00:00
redhat
redhat
(RHSA-2020:4483) Moderate: opensc security, bug fix, and enhancement update
2020-11-03 12:08:55
oraclelinux
oraclelinux
opensc security, bug fix, and enhancement update
2020-11-10 00:00:00
almalinux
almalinux
Moderate: opensc security, bug fix, and enhancement update
2020-11-03 12:08:55
amazon
amazon
Medium: opensc
2023-09-13 23:44:00
suse
suse
Security update for opensc (moderate)
2021-04-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1936
2021-07-02 17:36:31

EPSS

0.001

Percentile

48.5%

JSON
Related for RH:CVE-2019-20792
nvd1cve1veracode1debiancve1ubuntucve1cvelist1osv2prion1openvas4nessus12redhat1oraclelinux1almalinux1amazon1suse1rosalinux1