Vulnerability CVE-2018-16418: Information

Description

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Severity: MEDIUM (6.6) Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-16418
Published: Sept. 4, 2018
Modified: Aug. 6, 2019
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openscsisyphus0.19.0-alt2.rc10.25.1-alt1ALT-PU-2018-2326-1212986Fixed
openscp100.19.0-alt2.rc10.25.1-alt1ALT-PU-2018-2326-1212986Fixed
openscp90.19.0-alt2.rc10.21.0-alt1ALT-PU-2018-2326-1212986Fixed
openscp80.19.0-alt1.rc1.M80P.10.19.0-alt2.M80P.1ALT-PU-2018-2463-1212985Fixed
openscc10f10.19.0-alt2.rc10.24.0-alt1ALT-PU-2018-2326-1212986Fixed
openscc9f20.19.0-alt2.rc10.24.0-alt1ALT-PU-2018-2326-1212986Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
  • Exploit
  • Third Party Advisory
https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
  • Release Notes
  • Patch
  • Third Party Advisory
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-628c8445c4e7ae92bbc4be08ba11a4c3
  • Patch
  • Third Party Advisory
RHSA-2019:2154
    [debian-lts-announce] 20190911 [SECURITY] [DLA 1916-1] opensc security update

        1. Configuration 1

          cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
          End including
          0.18.0
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.0
      Back to top