CVE-2019-6502
Description
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in OpenSC 0.19.0's sc_context_create function in ctx.c, triggered via the eidenv tool.
Vulnerability
A memory leak exists in sc_context_create in ctx.c of libopensc in OpenSC version 0.19.0. The leak manifests when the eidenv tool calls this function, as reported in [1]. The memory allocated via calloc at line 809, along with subsequent allocations (e.g., from pcsc_init, list_init, and strdup), is not freed before the context is discarded, leading to direct and indirect leaks.
Exploitation
An attacker does not require special network access or authentication; the vulnerability is triggered locally by running the eidenv tool [1]. The sequence involves simply invoking eidenv, which calls sc_context_create in ctx.c at line 809, resulting in unreleased heap memory.
Impact
An attacker who can execute the eidenv binary can cause a memory leak, potentially exhausting system memory over repeated invocations. This constitutes a denial-of-service (DoS) impact by degrading system availability. There is no confidentiality or integrity impact.
Mitigation
The vulnerability is addressed in OpenSC 0.20.0, released on 29 December 2019 [2]. Users should upgrade to this version or later. No workarounds are documented for unpatched versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (14)
- Range: 0.12.2, 0.12.2-rc1, 0.13.0, …
- Range: =0.19.0
- osv-coords (12 versions; < 0.19.0-150100.3.19.1 + 11 more)
  - pkg:rpm/opensuse/opensc&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/opensc&distro=openSUSE%20Leap%20Micro%205.2
  - pkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
- (no CPE) range: < 0.19.0-150100.3.19.1
- (no CPE) range: < 0.19.0-150100.3.19.1
- (no CPE) range: < 0.21.0-2.2
- (no CPE) range: < 0.18.0-150000.3.23.1
- (no CPE) range: < 0.18.0-150000.3.23.1
- (no CPE) range: < 0.19.0-150100.3.19.1
- (no CPE) range: < 0.19.0-150100.3.19.1
- (no CPE) range: < 0.19.0-150100.3.19.1
- (no CPE) range: < 0.13.0-3.6.27
- (no CPE) range: < 0.18.0-150000.3.23.1
- (no CPE) range: < 0.13.0-3.6.27
- (no CPE) range: < 0.18.0-150000.3.23.1
Patches (0)
No patches discovered yet.
References (3)
- www.openwall.com/lists/oss-security/2019/12/29/1 (mitre, mailing-list)
- lists.debian.org/debian-lts-announce/2023/06/msg00025.html (mitre, mailing-list)
- github.com/OpenSC/OpenSC/issues/1586 (mitre)