Buffer Overflow Vulnerability in OpenSC Affects Esteid Card Processing
CVE-2018-16422

6.6 MEDIUM

Key Information:

CVE Published: 4 September 2018

What is CVE-2018-16422?

A byte buffer overflow exists in OpenSC's sc_pkcs15emu_esteid_init function, in the code that handles responses from esteid cards. An attacker who can supply a specially crafted smartcard can trigger it, leading to potential application crashes or other undisclosed effects. Users of OpenSC versions prior to 0.19.0-rc1 should apply the latest updates to mitigate these risks.

CVSS V3.1

Score: 6.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved