PT-2011-1124 · Pcsc Lite+2 · Ccid-Debuginfo+4
Jan Lieskovsky · Published 2011-01-18 · Updated 2024-06-15
CVE-2010-4530
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
pcscd in PCSC-Lite version 1.5.3
libccid version 1.3.8
ccid-debuginfo version 1.3.8
Description
The issue is a signedness error in the ccid_serial.c file of the libccid driver, which can be exploited by physically proximate attackers using a smart card with a crafted serial number. Exploitation can lead to a buffer overflow, allowing the execution of arbitrary code. The vulnerability may also be referred to as an integer overflow. It can be exploited locally and may lead to a violation of confidentiality, integrity, and availability of protected information.
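The class of signedness error described above, as an added example that is not code from libccid or PCSC-Lite: the framing, buffer size and function names are constructed for illustration. It shows why an upper-bound-only check on a signed length lets a negative value through, next to a hardened copy routine that keeps lengths unsigned.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HEADER_LEN 4    /* constructed framing, not the CCID wire format */
#define DST_SIZE   16   /* constructed destination size */

/* Flawed pattern: signed remaining length, only the upper bound is checked.
 * Returns 1 when the check would let a copy proceed. No copy is done here. */
static int flawed_check_passes(int declared_len)
{
    int remaining = declared_len - HEADER_LEN;  /* negative if declared_len < 4 */
    return remaining <= DST_SIZE;
}

/* The size a copy routine would see after the int -> size_t conversion. */
static size_t size_seen_by_memcpy(int declared_len)
{
    return (size_t)(declared_len - HEADER_LEN);
}

/* Hardened pattern: validate before subtracting, keep lengths unsigned, and
 * bound by both the destination size and the bytes actually received. */
static int copy_payload(unsigned char *dst, size_t dst_size,
                        const unsigned char *msg, size_t msg_len,
                        size_t declared_len)
{
    if (declared_len < HEADER_LEN || declared_len > msg_len)
        return -1;
    size_t remaining = declared_len - HEADER_LEN;
    if (remaining > dst_size)
        return -1;
    memcpy(dst, msg + HEADER_LEN, remaining);
    return (int)remaining;
}

int main(void)
{
    unsigned char dst[DST_SIZE];
    const unsigned char msg[8] = {0, 0, 0, 0, 'A', 'B', 'C', 'D'}; /* constructed */

    printf("flawed check, declared_len=2: passes=%d, size=%zu\n",
           flawed_check_passes(2), size_seen_by_memcpy(2));
    printf("hardened, declared_len=2: %d\n",
           copy_payload(dst, sizeof dst, msg, sizeof msg, 2));
    printf("hardened, declared_len=8: %d\n",
           copy_payload(dst, sizeof dst, msg, sizeof msg, 8));
    return 0;
}
```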
Recommendations
For pcscd in PCSC-Lite version 1.5.3, update to a version that fixes the signedness error in the libccid driver.
For libccid version 1.3.8, consider disabling the use of smart cards until a patch is available to prevent exploitation.
For ccid-debuginfo version 1.3.8, restrict access to the vulnerable driver to minimize the risk of local exploitation.
Affected Products
CentOS
Red Hat
Ccid-Debuginfo
Libccid
Pcscd