Buffer Mishandling in OpenSC Affecting CAC Certificates
CVE-2019-19481

4.6 MEDIUM

Key Information:

Status
Vendor
CVE Published: 1 December 2019

What is CVE-2019-19481?

OpenSC versions up to 0.20.0-rc3 do not adequately enforce buffer limits when handling CAC certificates. The flaw can lead to a range of security issues and may allow an attacker to compromise the integrity and confidentiality of sensitive data processed by the affected versions. Users are advised to update to the latest version of OpenSC to mitigate the risk.

References

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
