rpm package
suse/opensc&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16427 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. | ||
| CVE-2018-16426 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. | ||
| CVE-2018-16425 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified o | ||
| CVE-2018-16424 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-16423 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-16422 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly | ||
| CVE-2018-16421 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspe | ||
| CVE-2018-16420 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have un | ||
| CVE-2018-16419 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspeci | ||
| CVE-2018-16418 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 4, 2018 | A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-16393 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 3, 2018 | Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possib | ||
| CVE-2018-16392 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 3, 2018 | Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified ot | ||
| CVE-2018-16391 | — | < 0.18.0-3.8.1 | 0.18.0-3.8.1 | Sep 3, 2018 | Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecifi |
- CVE-2018-16427Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
- CVE-2018-16426Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
- CVE-2018-16425Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified o
- CVE-2018-16424Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
- CVE-2018-16423Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
- CVE-2018-16422Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly
- CVE-2018-16421Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspe
- CVE-2018-16420Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have un
- CVE-2018-16419Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspeci
- CVE-2018-16418Sep 4, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
- CVE-2018-16393Sep 3, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possib
- CVE-2018-16392Sep 3, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified ot
- CVE-2018-16391Sep 3, 2018affected < 0.18.0-3.8.1fixed 0.18.0-3.8.1
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecifi