CVE-2019-19481Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Opensc

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 68.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opensc Project Opensc
Timeline
PublishedDec 1
Latest updateMay 24

Description

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

Debianopensc_project/opensc< 0.19.0~rc1-1+3
NVDopensc_project/opensc0.19.0, 0.20.0+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-99x7-636q-6hvj: An issue was discovered in OpenSC through 02022-05-24
CVEList
CVE-2019-19481: An issue was discovered in OpenSC through 02019-12-01
OSV
CVE-2019-19481: An issue was discovered in OpenSC through 02019-12-01

📋Vendor Advisories

2
Red Hat
opensc: Improper handling of buffer limits for CAC certificates2019-10-30
Debian
CVE-2019-19481: opensc - An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. ...2019

💬Community

3
Bugzilla
CVE-2019-19481 opensc: Improper handling of buffer limits for CAC certificates2019-12-12
Bugzilla
CVE-2019-19481 opensc: improper handling of buffer limits for CAC certificates [epel-6]2019-12-12
Bugzilla
CVE-2019-19481 opensc: improper handling of buffer limits for CAC certificates [fedora-all]2019-12-12
CVE-2019-19481 — Opensc Project Opensc vulnerability | cvebase