CVE-2018-16421
Description
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in OpenSC's CAC card handling allows crafted smartcards to cause denial of service or potential code execution.
Vulnerability
A buffer overflow vulnerability exists in the cac_get_serial_nr_from_CUID function in libopensc/card-cac.c in OpenSC versions before 0.19.0-rc1 [2]. The function copies attacker-controlled data into a fixed-size buffer without proper bounds checking, leading to a stack-based buffer overflow [3]. This issue is part of a series of buffer overflow and out-of-bounds access vulnerabilities identified by X41 D-Sec [2].
Exploitation
An attacker must supply a crafted smartcard or a device emulating one that sends a malformed response to an APDU command [2]. No prior authentication or special privileges are required. When the victim's system reads the card, the vulnerable code path is triggered, causing the overflow [3].
Impact
Successful exploitation causes a denial of service (application crash) and, depending on the memory layout, may allow arbitrary code execution [2]. The CVSS score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [1].
Mitigation
The vulnerability is fixed in OpenSC version 0.19.0-rc1 [4]. Users should update to this version or later. Red Hat Enterprise Linux users can apply the update via RHSA-2019:2154 [1]. No workaround is available; upgrading is the only mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 0.19.0-rc1
- osv-coords (2 versions): pkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweed, pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - (no CPE) range: < 0.21.0-2.2
  - (no CPE) range: < 0.18.0-3.8.1
References
- access.redhat.com/errata/RHSA-2019:2154 (mitre, vendor-advisory, x_refsource_REDHAT)
- github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad (mitre, x_refsource_MISC)
- github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/09/msg00009.html (mitre, mailing-list, x_refsource_MLIST)
- www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ (mitre, x_refsource_MISC)