PT-2011-1049 · Muscle+2 · Pcsc-Lite+2

Jan Lieskovsky · Published 2011-01-18 · Updated 2023-02-13 · CVE-2010-4531

CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

pcsc-lite versions 1.5.3 through 1.6.6
pcsc-lite versions prior to 1.6.6

Description

The issue affects the pcsc-lite package, potentially leading to breaches of confidentiality, integrity, and availability of protected information. It can be exploited by a local attacker. A stack-based buffer overflow in the ATRDecodeAtr function allows physically proximate attackers to cause a denial of service and possibly execute arbitrary code via a smart card with a long attribute value in its ATR message.

Recommendations

For pcsc-lite versions 1.5.3 through 1.6.6, update to version 1.6.6 or later to resolve the issue.
For pcsc-lite versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue.
As a temporary workaround, consider restricting access to the ATRDecodeAtr function in the atrhandler.c file until a patch is available.

Fix · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-03062
BDU:2015-09696
CESA-2013_0525
CVE-2010-4531
DSA-2156-1
OPENSUSE-SU-2024:10246-1
RHSA-2013:0525
RHSA-2013_0525

Affected Products

CentOS
Red Hat
Pcsc-Lite