7.2
CVE-2010-4523
- EPSS 0.86%
- Veröffentlicht 07.01.2011 20:00:04
- Zuletzt bearbeitet 16.06.2026 23:24:58
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensc-project ≫ Opensc Version <= 0.11.13
Opensc-project ≫ Opensc Version0.3.2
Opensc-project ≫ Opensc Version0.3.5
Opensc-project ≫ Opensc Version0.4.0
Opensc-project ≫ Opensc Version0.5.0
Opensc-project ≫ Opensc Version0.6.0
Opensc-project ≫ Opensc Version0.6.1
Opensc-project ≫ Opensc Version0.7.0
Opensc-project ≫ Opensc Version0.8
Opensc-project ≫ Opensc Version0.8.0
Opensc-project ≫ Opensc Version0.8.0.0
Opensc-project ≫ Opensc Version0.8.1
Opensc-project ≫ Opensc Version0.9
Opensc-project ≫ Opensc Version0.9.2
Opensc-project ≫ Opensc Version0.9.3
Opensc-project ≫ Opensc Version0.9.4
Opensc-project ≫ Opensc Version0.9.5
Opensc-project ≫ Opensc Version0.9.6
Opensc-project ≫ Opensc Version0.9.7
Opensc-project ≫ Opensc Version0.9.7 Updateb
Opensc-project ≫ Opensc Version0.9.7 Updated
Opensc-project ≫ Opensc Version0.9.8
Opensc-project ≫ Opensc Version0.10.0
Opensc-project ≫ Opensc Version0.10.1
Opensc-project ≫ Opensc Version0.11.0
Opensc-project ≫ Opensc Version0.11.1
Opensc-project ≫ Opensc Version0.11.2
Opensc-project ≫ Opensc Version0.11.3
Opensc-project ≫ Opensc Version0.11.3 Updatepre3
Opensc-project ≫ Opensc Version0.11.4
Opensc-project ≫ Opensc Version0.11.5
Opensc-project ≫ Opensc Version0.11.6
Opensc-project ≫ Opensc Version0.11.7
Opensc-project ≫ Opensc Version0.11.8
Opensc-project ≫ Opensc Version0.11.9
Opensc-project ≫ Opensc Version0.11.10
Opensc-project ≫ Opensc Version0.11.11
Opensc-project ≫ Opensc Version0.11.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.538 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://www.vupen.com/english/advisories/2011/0212
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html
http://openwall.com/lists/oss-security/2010/12/21/2
http://openwall.com/lists/oss-security/2010/12/22/3
http://secunia.com/advisories/42658
http://secunia.com/advisories/42807
http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:011
http://www.securityfocus.com/bid/45435
http://www.vupen.com/english/advisories/2011/0009
http://www.vupen.com/english/advisories/2011/0109
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483
https://bugzilla.redhat.com/show_bug.cgi?id=664831
https://www.opensc-project.org/opensc/changeset/4913