Published: 01/12/2019 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

An issue exists in OpenSC up to and including 0.19.0 and 0.20.x up to and including 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensc project opensc 0.20.0
opensc project opensc
debian debian linux 8.0
debian debian linux 9.0
fedoraproject fedora 31

Synopsis Moderate: opensc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for opensc is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Debian Bug report logs - #947383 opensc: CVE-2019-19479 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 25 Dec 2019 23:03:01 UTC Severity: important Tags: security, upstream Found ...

OpenSC before 0200-rc1 has an out-of-bounds access of an ASN1 Bitstring in decode_bit_string in libopensc/asn1c (CVE-2019-15945) OpenSC before 0200-rc1 has an out-of-bounds access of an ASN1 Octet string in asn1_decode_entry in libopensc/asn1c (CVE-2019-15946) An issue was discovered in OpenSC through 0190 and 020x through 0200-rc3 ...

An issue was discovered in OpenSC through 0190 and 020x through 0200-rc3 libopensc/card-setcosc has an incorrect read operation during parsing of a SETCOS file attribute ...

CWE-125 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html http://www.openwall.com/lists/oss-security/2019/12/29/1 https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/https://access.redhat.com/errata/RHSA-2020:4483 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2262.html

CVE-2019-19479

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect