CVE-2018-16427
Description
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenSC before 0.19.0-rc1 contains multiple out-of-bounds reads in response handling, allowing attackers with crafted smartcards to crash the library.
Vulnerability
OpenSC versions before 0.19.0-rc1 contain multiple out-of-bounds read vulnerabilities in functions that parse responses from smartcards. These issues were identified through fuzzing and affect routines such as muscle_list_files() and decrypt_response() [2][3]. The library fails to validate buffer lengths before reading, leading to reads beyond allocated memory when processing malformed APDU responses.
Exploitation
An attacker must supply a crafted smartcard that sends specially crafted responses to APDU commands. No authentication or special privileges are required; the card is inserted into a reader and the host software processes the response. By providing unexpected data lengths or malformed TLV structures, the attacker can trigger out-of-bounds reads in the OpenSC library.
Impact
Successful exploitation results in a crash of the OpenSC library or any application using it (e.g., smart card authentication tools). This constitutes a denial-of-service condition. No code execution or privilege escalation is described in the available references.
Mitigation
The vulnerabilities are fixed in OpenSC version 0.19.0-rc1 [4]. Red Hat has released an advisory (RHSA-2019:2154) for Red Hat Enterprise Linux [1]. Users should update to the patched version. No workaround is available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12- Range: <0.19.0-rc1
- osv-coords11 versionspkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 0.21.0-2.2+ 10 more
- (no CPE)range: < 0.21.0-2.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.18.0-3.8.1
- (no CPE)range: < 0.11.6-5.27.3.1
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.11.6-5.27.3.1
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.13.0-3.3.2
- (no CPE)range: < 0.11.6-5.27.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- access.redhat.com/errata/RHSA-2019:2154mitrevendor-advisoryx_refsource_REDHAT
- github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744famitrex_refsource_MISC
- github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/09/msg00009.htmlmitremailing-listx_refsource_MLIST
- www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.