Vulnerability CVE-2019-19481: Information

Description

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-19481
Published: Dec. 2, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openscsisyphus0.20.0-alt10.25.1-alt1ALT-PU-2020-1884-1250698Fixed
openscp100.20.0-alt10.25.1-alt1ALT-PU-2020-1884-1250698Fixed
openscp90.20.0-alt10.21.0-alt1ALT-PU-2020-2900-1258586Fixed
openscc10f10.20.0-alt10.24.0-alt1ALT-PU-2020-1884-1250698Fixed
openscc9f20.20.0-alt10.24.0-alt1ALT-PU-2020-2900-1258586Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278
  • Patch
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
  • Permissions Required
  • Third Party Advisory
[oss-security] 20191229 OpenSC 0.20.0 released
  • Mailing List
FEDORA-2020-3c93790abe

      1. Configuration 1

        cpe:2.3:a:opensc_project:opensc:0.20.0:rc1:*:*:*:*:*:*
        cpe:2.3:a:opensc_project:opensc:0.19.0:-:*:*:*:*:*:*
        cpe:2.3:a:opensc_project:opensc:0.20.0:rc2:*:*:*:*:*:*
        cpe:2.3:a:opensc_project:opensc:0.20.0:rc3:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top