CVE-2010-4523

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.11.13

Description The issue affects the opensc package in Gentoo Linux and is related to multiple stack-based buffer overflows in libopensc. These overflows can be triggered by a long serial-number field on a smart card, specifically in files such as card-acos5.c, card-atrust-acos.c, and card-starcos.c. This can allow physically proximate attackers to execute arbitrary code, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally.

Recommendations For OpenSC versions prior to 0.11.13, update to version 0.11.13 or later to resolve the issue. As a temporary workaround, consider restricting access to smart cards or disabling the use of the libopensc library until a patch is applied. Avoid using long serial-number fields on smart cards in the affected API endpoints until the issue is resolved.