Lucene search

K

Veracode Vulnerability DatabaseVERACODE:21135

HistoryAug 08, 2019 - 12:07 a.m.

Denial Of Service (DoS)

2019-08-0800:07:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

EPSS

0.001

Percentile

44.9%

opensc is vulnerable to denial of service (DoS). The attack is possible because it cause a buffer overflow while handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init().

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

access.redhat.com/errata/RHSA-2019:2154

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1656791

bugzilla.redhat.com/show_bug.cgi?id=1672898

github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0

github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1

www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/

EPSS

0.001

Percentile

44.9%

Related for VERACODE:21135

cve2 cvelist1 prion1 debiancve1 nvd2 redhatcve1 ubuntucve1 alpinelinux1 osv3 nessus18 openvas10 suse2 amazon1 redhat1 centos1 oraclelinux1 fedora2 mageia1 debian1