CVE-2019-19479
MEDIUM
5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW
2,1
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0005
Percentile
0,1th
Updated
EPSS Score Trend (Last 91 Days)
125
Out-of-bounds Read
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Availability
Other
Potential Impacts:
Read Memory
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Varies By Context
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Technologies:
ICS/OT
Application
Opensc by Opensc Project
Version Range Affected
To
0.19.0
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Opensc by Opensc Project
CPE Identifier
View Detailed Analysis
cpe:2.3:a:opensc_project:opensc:0.20.0:rc3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Opensc by Opensc Project
CPE Identifier
View Detailed Analysis
cpe:2.3:a:opensc_project:opensc:0.20.0:rc2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Opensc by Opensc Project
CPE Identifier
View Detailed Analysis
cpe:2.3:a:opensc_project:opensc:0.20.0:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
http://www.openwall.com/lists/oss-security/2019/12/29/1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
http://www.openwall.com/lists/oss-security/2019/12/29/1