PT-2019-14496 · Opensc · Opensc

Frank Morgner

Published

2019-09-06

Updated

2019-09-12

CVE-2019-16058

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenSC pam p11 component versions 0.2.0 through 0.3.0

Description An issue in the pam p11 component for OpenSC can cause a buffer overflow when a smart card creates a signature longer than 256 bytes. This may occur with RSA keys of 4096 bits, depending on the signature scheme used.

Recommendations For versions 0.2.0 and 0.3.0, consider restricting the use of smart cards that create signatures longer than 256 bytes until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2019-16058

OPENSUSE-SU-2024:11143-1

Affected Products

Opensc

PT-2019-14496 · Opensc · Opensc

CVE-2019-16058

Weakness Enumeration

Related Identifiers

Affected Products

References · 9