Opensc
CVE-2024-8443
LOW
Severity by source
AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from Vendor (vendor:alpine) · only source for this CVE.
CVSS VectorVendor: vendor:alpine
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Alpine Linux: opensc fixed in 0.26.0-r0
Analysis
Alpine Linux: opensc fixed in 0.26.0-r0
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. Rated
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in O
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenS
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-r
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs1
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 coul
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today