Vulnerability CVE-2019-19481: Information
Description
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
opensc | sisyphus | 0.20.0-alt1 | 0.25.1-alt1 | ALT-PU-2020-1884-1 | 250698 | Fixed |
opensc | p10 | 0.20.0-alt1 | 0.25.1-alt1 | ALT-PU-2020-1884-1 | 250698 | Fixed |
opensc | p9 | 0.20.0-alt1 | 0.21.0-alt1 | ALT-PU-2020-2900-1 | 258586 | Fixed |
opensc | c10f1 | 0.20.0-alt1 | 0.24.0-alt1 | ALT-PU-2020-1884-1 | 250698 | Fixed |
opensc | c9f2 | 0.20.0-alt1 | 0.24.0-alt1 | ALT-PU-2020-2900-1 | 258586 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278 | |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618 | |
[oss-security] 20191229 OpenSC 0.20.0 released | |
FEDORA-2020-3c93790abe | |