Buffer Overflow Vulnerability in OpenSC Affected by Cryptoflex Card Responses
CVE-2018-16419

6.6MEDIUM

Key Information:

Vendor

Opensc Project

Status
Opensc
Vendor
CVE Published:
4 September 2018

What is CVE-2018-16419?

The vulnerability in OpenSC arises from several buffer overflow issues during the handling of responses from Cryptoflex smartcards in the read_public_key function. Attackers can exploit these vulnerabilities by supplying specially crafted smartcards, potentially leading to application crashes or unforeseen effects. It highlights significant flaws in the way responses are processed, emphasizing the need for updates and enhanced security measures.

References

https://github.com/OpenSC/OpenSC/commit/360e95d45ac412325...
x_refsource_MISC
https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
x_refsource_MISC
https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
x_refsource_MISC

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.