Buffer Overflow Vulnerability in OpenSC's pam_p11 Component for Smart Cards
CVE-2019-16058

7.5HIGH

Key Information:

Vendor: Opensc Project
Status: Opensc
Vendor: CVE Published:; 6 September 2019

🔔 Create Opensc Project Vulnerability Alert

What is CVE-2019-16058?

A buffer overflow issue exists in the pam_p11 component of OpenSC, affecting versions 0.2.0 and 0.3.0. When a smart card generates a signature exceeding 256 bytes, particularly with RSA keys of 4096 bits, it can lead to this overflow. This vulnerability may enable unauthorized access or execution of arbitrary code, emphasizing the need for timely updates and effective mitigation strategies.

References

https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2019/09/12/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2019
Vulnerability Reserved
Sep 6, 2019

CVE-2019-16058 Data

JSON