CVE-2019-6502Missing Release of Memory after Effective Lifetime in Project Opensc

CWE-401Missing Release of Memory after Effective LifetimeCWE-400Uncontrolled Resource Consumption8 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 59.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opensc Project Opensc
Timeline
PublishedJan 22
Latest updateMay 13

Description

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debianopensc_project/opensc< 0.20.0-1+3

🔴Vulnerability Details

3
GHSA
GHSA-wfg8-cwx5-w8xc: sc_context_create in ctx2022-05-13
CVEList
CVE-2019-6502: sc_context_create in ctx2019-01-22
OSV
CVE-2019-6502: sc_context_create in ctx2019-01-22

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2020-64112020-02-04
Red Hat
opensc: memory leak in sc_context_create in ctx.c in libopensc2019-01-20
Debian
CVE-2019-6502: opensc - sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as d...2019

💬Community

1
Bugzilla
CVE-2019-6502 opensc: memory leak in sc_context_create in ctx.c in libopensc2019-01-23
CVE-2019-6502 — Opensc Project Opensc vulnerability | cvebase