Published: 04/09/2018 Updated: 06/08/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.3 | Impact Score: 3.6 | Exploitability Score: 0.7

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Various out of bounds reads when handling responses in OpenSC prior to 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensc project opensc

Debian Bug report logs - #909444 Minor security issues, CVE-2018-{16391-16393,16418-16427} Package: opensc; Maintainer for opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Source for opensc is src:opensc (PTS, buildd, popcon) Reported by: Eric Dorland <eric@debianorg> Date: Sun, 23 Sep ...

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-musclec in OpenSC before 0190-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact(CVE-2018-16391) Several buffer overflows when handlin ...

Various out of bounds reads when handling responses in OpenSC before 0190-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs ...

CWE-125 https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 https://github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744fa https://access.redhat.com/errata/RHSA-2019:2154 https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2019-1312.html

CVE-2018-16427

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect