[3.4] pcsc-lite: Use-after-free of cardsList due to SCardReleaseContext invocations (CVE-2016-10109)ID: oval:org.secpod.oval:def:1800529 | Date: (C)2018-03-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
The SCardReleaseContext function normally releases resources associated with the given handle and clients should cease using this handle. A malicious client can however make the daemon invoke SCardReleaseContext and continue issuing other commands that use "cardsList", resulting in a use-after-free. When SCardReleaseContext is invoked multiple times, it additionally results in a double-free of "cardsList". Affected Versions: PCSC-Lite
Platform: |
Alpine Linux 3.4 |