CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
10.1%
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart
Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local
users to cause a denial of service (daemon crash) via crafted
SCARD_SET_ATTRIB message data, which is improperly demarshalled and
triggers a buffer over-read, a related issue to CVE-2010-0407.