Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-2977

Published: 01/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Opensc Project

Vulnerability Summary

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

Vulnerable Product Search on Vulmon Subscribe to Product

opensc project opensc 0.23.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: opensc: CVE-2023-2977
Debian Bug report logs - #1037021 opensc: CVE-2023-2977 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Jun 2023 19:54:02 UTC Severity: important Tags: security, upstream Found ...
Red Hat: Low: opensc security update
Synopsis Low: opensc security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for opensc is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security impac ...
Red Hat: Low: opensc security and bug fix update
Synopsis Low: opensc security and bug fix update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for opensc is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Amazon Linux 2: ALAS2-2023-2102
A heap use after free issue was found in Opensc before version 0220 in sc_file_valid (CVE-2021-42779) A use after return issue was found in Opensc before version 0220 in insert_pin function that could potentially crash programs using the library (CVE-2021-42780) Heap buffer overflow issues were found in Opensc before version 0220 in pkcs15- ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

References

CWE-125https://github.com/OpenSC/OpenSC/issues/2785https://access.redhat.com/security/cve/CVE-2023-2977https://github.com/OpenSC/OpenSC/pull/2787https://bugzilla.redhat.com/show_bug.cgi?id=2211088https://lists.debian.org/debian-lts-announce/2023/06/msg00025.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAR54OV6EHA56B4XJF6RNPQ4HJ2ITU66/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJD4Q4AJSGE5UIJI7OUYZY4HGGCVYQNI/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037021https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-2102.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook