4.6

CVE-2019-19481

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensc ProjectOpensc Version0.19.0 Update-
Opensc ProjectOpensc Version0.20.0 Updaterc1
Opensc ProjectOpensc Version0.20.0 Updaterc2
Opensc ProjectOpensc Version0.20.0 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.156
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.openwall.com/lists/oss-security/2019/12/29/1
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
Third Party Advisory
Permissions Required
https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278
Patch