
CVE-2019-16058

Published: 06/09/2019 Updated: 12/09/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.

Vulnerable Product

opensc project opensc 0.3.0

opensc project opensc 0.2.0

Vendor Advisories

Debian Bug report logs - #939664 pam-p11: CVE-2019-16058
Package: src:pam-p11; Maintainer for src:pam-p11 is Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 7 Sep 2019 13:15:05 UTC; Severity: important; Tags: security, upstream; Fou ...

Mailing Lists

Hi all! I'm happy to announce the new pam_p11 release 0.3.1, which can be found here: <https://github.com/OpenSC/pam_p11/releases/tag/pam_p11-0.3.1>. This release fixes a buffer overflow when creating signatures longer than 256 bytes (CVE-2019-16058). This bug is present in pam_p11 ...