Heap Double Free Vulnerability in OpenSC Software
CVE-2021-42778

5.3MEDIUM

Key Information:

Vendor

Opensc Project

Status
Opensc
Vendor
CVE Published:
18 April 2022

What is CVE-2021-42778?

A heap double free issue was identified in OpenSC prior to version 0.22.0 within the sc_pkcs15_free_tokeninfo function. This vulnerability can lead to unexpected behavior and potential security risks in applications relying on this library. Users and administrators of affected versions are advised to upgrade to the latest version for enhanced security.

Affected Version(s)

opensc opensc 0.22.0

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2016083
x_refsource_MISC
https://github.com/OpenSC/OpenSC/commit/f015746d
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.