CVE-2016-10109

Published: 23/02/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Use-after-free vulnerability in pcsc-lite prior to 1.8.20 allows a remote malicious user to cause a denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

Vulnerable Product

muscle pcsc-lite

canonical ubuntu linux 16.10

canonical ubuntu linux 12.04

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

Vendor Advisories

PCSC-Lite could be made to crash or run programs as an administrator if it received specially crafted input ...
Peter Wu discovered that a use-after-free in the pcscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation. For the stable distribution (jessie), this problem has been fixed in version 1.8.13-1+deb8u1. For the unstable distribution (sid), this problem has been fixed in version 1.8.20-1. We recommend that y ...
The SCardReleaseContext function normally releases resources associated with the given handle (including "cardsList") and clients should cease using this handle. A malicious client can however make the daemon invoke SCardReleaseContext and continue issuing other commands that use "cardsList", resulting in a use-after-free. When SCardReleaseContext ...