Memory Leak Vulnerability in OpenSC Software by OpenSC
CVE-2019-6502

7.5HIGH

Key Information:

Vendor

Opensc Project

Status
Opensc
Vendor
CVE Published:
22 January 2019

What is CVE-2019-6502?

A memory leak vulnerability exists in the sc_context_create function within ctx.c of the OpenSC library, specifically in version 0.19.0. This issue can be triggered by specific calls, such as eidenv, leading to potential memory management problems. Users of OpenSC should update to the latest version to mitigate this vulnerability and ensure robust security in their applications.

References

https://github.com/OpenSC/OpenSC/issues/1586
http://www.openwall.com/lists/oss-security/2019/12/29/1
mailing-list
https://lists.debian.org/debian-lts-announce/2023/06/msg0...
mailing-list

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.