Vulnerability CVE-2019-19479: Information
Description
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| opensc | sisyphus | 0.20.0-alt1 | 0.25.1-alt1 | ALT-PU-2020-1884-1 | 250698 | Fixed |
| opensc | p10 | 0.20.0-alt1 | 0.25.1-alt1 | ALT-PU-2020-1884-1 | 250698 | Fixed |
| opensc | p9 | 0.20.0-alt1 | 0.21.0-alt1 | ALT-PU-2020-2900-1 | 258586 | Fixed |
| opensc | c10f1 | 0.20.0-alt1 | 0.24.0-alt1 | ALT-PU-2020-1884-1 | 250698 | Fixed |
| opensc | c9f2 | 0.20.0-alt1 | 0.24.0-alt1 | ALT-PU-2020-2900-1 | 258586 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 |
|
| https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 |
|
| [debian-lts-announce] 20191226 [SECURITY] [DLA 2046-1] opensc security update |
|
| [oss-security] 20191229 OpenSC 0.20.0 released |
|
| [debian-lts-announce] 20211129 [SECURITY] [DLA 2832-1] opensc security update |
|
| FEDORA-2020-3c93790abe |