CVE-2018-16391
Description
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple buffer overflow vulnerabilities in muscle_list_files() in OpenSC before 0.19.0-rc1 allow crafted smartcards to cause denial of service or possibly other impact.
Vulnerability
A buffer overflow vulnerability exists in the muscle_list_files() function in libopensc/card-muscle.c in OpenSC versions before 0.19.0-rc1. The function does not check the buffer length (bufLen) before copying data, leading to out-of-bounds writes when processing responses from a crafted smartcard. The issue was reported in the X41 advisory and fixed in commit 360e95d45ac4123255a4c796db96337f332160ad [2][3].
Exploitation
An attacker must physically deliver or trick a user into inserting a malicious smartcard into a reader connected to a system running an affected OpenSC version (e.g., 0.17.0). The smartcard sends crafted responses to APDU commands, triggering the buffer overflow in muscle_list_files() during file listing operations. No authentication or special privileges are required; the attack is carried out via normal card interaction [2].
Impact
Successful exploitation can cause a denial of service (application crash) due to memory corruption. The advisory also notes potential for unspecified other impact, as buffer overflows can sometimes be leveraged for code execution, though no such exploit is confirmed [1][2].
Mitigation
OpenSC fixed this issue in version 0.19.0-rc1, released on 2018-09-03 [4]. Red Hat Enterprise Linux users can apply RHSA-2019:2154 [1]. No workaround is available; users should upgrade to the patched version or later.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12- Range: <0.19.0-rc1
- osv-coords11 versionspkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 0.21.0-2.2+ 10 more
- (no CPE)range: < 0.21.0-2.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.18.0-3.8.1
- (no CPE)range: < 0.11.6-5.27.3.1
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.11.6-5.27.3.1
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.11.6-5.27.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- access.redhat.com/errata/RHSA-2019:2154mitrevendor-advisoryx_refsource_REDHAT
- github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160admitrex_refsource_MISC
- github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/09/msg00009.htmlmitremailing-listx_refsource_MLIST
- www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.