CVE-2018-16426: Uncontrolled Recursion in Project Opensc

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 60.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 4
Latest update: May 13

Description

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash programs using the opensc library.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.7 | Impact: 3.6

Affected Packages (2 packages)

Debian opensc_project/opensc < 0.19.0~rc1-1+3

Vulnerability Details (3)

GHSA (2022-05-13): GHSA-38x5-6rjp-vc28: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc
OSV (2018-09-04): CVE-2018-16426: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc
CVEList (2018-09-04): CVE-2018-16426: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc

Vendor Advisories (2)

Red Hat (2018-09-12): opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
Debian (2018): CVE-2018-16426: opensc - Endless recursion when handling responses from an IAS-ECC card in iasecc_select_...

Community (2)

Bugzilla (2018-09-12): CVE-2018-16426 opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
Bugzilla (2018-09-12): CVE-2018-16426 opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() [fedora-all]