CVE-2019-19479 — Out-of-bounds Read in Project Opensc

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensc Project Opensc Debian Linux Fedoraproject Fedora

Timeline

PublishedDec 1

Latest updateMay 24

Description

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianopensc_project/opensc< 0.20.0-1+3

▶NVDopensc_project/opensc0.19.0+1

Also affects: Debian Linux 8.0, 9.0, Fedora 31

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rmfw-qmvr-x823: An issue was discovered in OpenSC through 0↗2022-05-24

▶

OSV

CVE-2019-19479: An issue was discovered in OpenSC through 0↗2019-12-01

▶

CVEList

CVE-2019-19479: An issue was discovered in OpenSC through 0↗2019-12-01

▶

📋Vendor Advisories

Red Hat

opensc: Incorrect read operation during parsing of a SETCOS file attribute↗2019-11-03

▶

Debian

CVE-2019-19479: opensc - An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. ...↗2019

▶

💬Community

Bugzilla

CVE-2019-19479 opensc: incorrect read operation during parsing of a SETCOS file attribute [epel-6]↗2019-12-11

▶

Bugzilla

CVE-2019-19479 opensc: Incorrect read operation during parsing of a SETCOS file attribute↗2019-12-11

▶

Bugzilla

CVE-2019-19479 opensc: incorrect read operation during parsing of a SETCOS file attribute [fedora-all]↗2019-12-11

▶