4.6
CVE-2019-19481
- EPSS 0.12%
- Veröffentlicht 01.12.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:34:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensc Project ≫ Opensc Version0.19.0 Update-
Opensc Project ≫ Opensc Version0.20.0 Updaterc1
Opensc Project ≫ Opensc Version0.20.0 Updaterc2
Opensc Project ≫ Opensc Version0.20.0 Updaterc3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.322 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.