opensc: Multiple vulnerabilities (CVE-2019-6502, CVE-2019-15945, CVE-2019-15946, CVE-2019-19479, CVE-2019-19480, CVE-2019-19481)
ID: oval:org.secpod.oval:def:1801659 | Date: (C)2020-01-17 (M)2023-11-10 |
Class: PATCH | Family: unix |
A flaw was found in OpenSC 0.19.0. Function sc_context_create in ctx.c in libopensc has a memory leak.
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
Platform: Alpine Linux 3.11 |