{"id":"MGASA-2019-0019","summary":"Updated opensc packages fix security vulnerabilities","details":"Several buffer overflows when handling responses from a Muscle Card in\nmuscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1\ncould be used by attackers able to supply crafted smartcards to cause a\ndenial of service (application crash) or possibly have unspecified other\nimpact (CVE-2018-16391).\n\nSeveral buffer overflows when handling responses from a TCOS Card in\ntcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1\ncould be used by attackers able to supply crafted smartcards to cause a\ndenial of service (application crash) or possibly have unspecified other\nimpact (CVE-2018-16392).\n\nSeveral buffer overflows when handling responses from a Gemsafe V1\nSmartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in\nOpenSC before 0.19.0-rc1 could be used by attackers able to supply\ncrafted smartcards to cause a denial of service (application crash) or\npossibly have unspecified other impact (CVE-2018-16393).\n\nA buffer overflow when handling string concatenation in util_acl_to_str\nin tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers\nable to supply crafted smartcards to cause a denial of service\n(application crash) or possibly have unspecified other impact\n(CVE-2018-16418).\n\nSeveral buffer overflows when handling responses from a Cryptoflex card\nin read_public_key in tools/cryptoflex-tool.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted smartcards\nto cause a denial of service (application crash) or possibly have\nunspecified other impact (CVE-2018-16419).\n\nSeveral buffer overflows when handling responses from an ePass 2003 Card\nin decrypt_response in libopensc/card-epass2003.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted smartcards\nto cause a denial of service (application crash) or possibly have\nunspecified other impact (CVE-2018-16420).\n\nSeveral buffer overflows when handling responses from a CAC Card in\ncac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted smartcards\nto cause a denial of service (application crash) or possibly have\nunspecified other impact (CVE-2018-16421).\n\nA single byte buffer overflow when handling responses from an esteid\nCard in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC\nbefore 0.19.0-rc1 could be used by attackers able to supply crafted\nsmartcards to cause a denial of service (application crash) or possibly\nhave unspecified other impact (CVE-2018-16422).\n\nA double free when handling responses from a smartcard in\nsc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could\nbe used by attackers able to supply crafted smartcards to cause a denial\nof service (application crash) or possibly have unspecified other impact\n(CVE-2018-16423).\n\nA double free when handling responses in read_file in\ntools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1\ncould be used by attackers able to supply crafted smartcards to cause a\ndenial of service (application crash) or possibly have unspecified other\nimpact (CVE-2018-16424).\n\nA double free when handling responses from an HSM Card in\nsc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted smartcards\nto cause a denial of service (application crash) or possibly have\nunspecified other impact (CVE-2018-16425).\n\nEndless recursion when handling responses from an IAS-ECC card in\niasecc_select_file in libopensc/card-iasecc.c in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted smartcards\nto hang or crash the opensc library using programs (CVE-2018-16426).\n\nVarious out of bounds reads when handling responses in OpenSC before\n0.19.0-rc1 could be used by attackers able to supply crafted smartcards\nto potentially crash the opensc library using programs (CVE-2018-16427).\n","modified":"2026-04-16T01:46:51.438011194Z","published":"2019-01-08T21:50:23Z","upstream":["CVE-2018-16391","CVE-2018-16392","CVE-2018-16393","CVE-2018-16418","CVE-2018-16419","CVE-2018-16420","CVE-2018-16421","CVE-2018-16422","CVE-2018-16423","CVE-2018-16424","CVE-2018-16425","CVE-2018-16426","CVE-2018-16427"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0019.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23447"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FELOINZJEHXTJ757WSU4HYL5HWENARJH/"}],"affected":[{"package":{"name":"opensc","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/opensc?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.19.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0019.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}