CVE-2018-16420
Description
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in OpenSC's decrypt_response function allows crafted smartcards to cause denial of service or potential code execution.
Vulnerability
A buffer overflow vulnerability exists in the decrypt_response function in libopensc/card-epass2003.c of OpenSC versions before 0.19.0-rc1 [1][2]. The function does not properly check the length of the decrypted response, allowing an attacker to overflow a buffer when processing crafted responses from an ePass 2003 card [3].
Exploitation
An attacker needs physical access to insert a maliciously crafted smartcard or the ability to supply malformed responses to APDU commands. The attack does not require authentication or user interaction beyond inserting the card [2]. By sending oversized or specially crafted ciphertext, the attacker triggers a buffer overflow in the decrypt_response function.
Impact
Successful exploitation can cause a denial of service (application crash) due to memory corruption. The description also notes the possibility of unspecified other impact, which may include arbitrary code execution, although this has not been confirmed [1][2].
Mitigation
The vulnerability is fixed in OpenSC version 0.19.0-rc1 [4]. Red Hat also released an erratum (RHSA-2019:2154) addressing this issue [1]. Users should upgrade to the patched version. No known workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10- Range: <0.19.0-rc1
- osv-coords8 versionspkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
< 0.21.0-2.2+ 7 more
- (no CPE)range: < 0.21.0-2.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.18.0-3.8.1
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- access.redhat.com/errata/RHSA-2019:2154mitrevendor-advisoryx_refsource_REDHAT
- github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160admitrex_refsource_MISC
- github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/09/msg00009.htmlmitremailing-listx_refsource_MLIST
- www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.