CVE-2010-4530

Published: 18/01/2011 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate malicious users to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.

Vulnerable Product

muscle pcsc-lite 1.5.3

Vendor Advisories

Synopsis Low: ccid security and bug fix update Type/Severity Security Advisory: Low Topic An updated ccid package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerabi ...
Synopsis Low: ccid security and bug fix update Type/Severity Security Advisory: Low Topic An updated ccid package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerab ...
Debian Bug report logs - #607780 ccid: buffer overflow Package: ccid; Maintainer for ccid is Ludovic Rousseau <rousseau@debian.org>; Reported by: Michael Gilbert <michaelsgilbert@gmail.com> Date: Wed, 22 Dec 2010 04:12:02 UTC Severity: important Tags: security, upstream Found in version 138-1 Fixed in versions c ...