CVE-2018-16425

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.19.0-rc1

Description The issue is related to a double free when handling responses from an HSM Card in the sc pkcs15emu sc hsm init function in libopensc/pkcs15-sc-hsm.c. This could be exploited by attackers who can supply crafted smartcards, potentially causing a denial of service (application crash) or having other unspecified impacts.

Recommendations For OpenSC versions prior to 0.19.0-rc1, update to version 0.19.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted smartcards to minimize the risk of exploitation.