Lucene search

K

Veracode Vulnerability DatabaseVERACODE:21137

HistoryAug 08, 2019 - 12:07 a.m.

Denial Of Service (DoS)

2019-08-0800:07:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

EPSS

0.001

Percentile

45.7%

opensc is vulnerable to denial of service (DoS). The attack is possible because it does not handle infinite responses in an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c when a malicious smartcard is provided.

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

access.redhat.com/errata/RHSA-2019:2154

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1656791

bugzilla.redhat.com/show_bug.cgi?id=1672898

github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54

github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1

lists.debian.org/debian-lts-announce/2019/09/msg00009.html

www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/

EPSS

0.001

Percentile

45.7%

Related for VERACODE:21137

ubuntucve1 cve2 prion1 debiancve1 osv3 nvd2 redhatcve1 alpinelinux1 cvelist1 openvas9 nessus17 suse2 amazon1 redhat1 centos1 oraclelinux1 fedora2 mageia1 debian1