Double Free in opensc (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-16425 |
| CWE-ID | CWE-415 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
opensc (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Double Free
EUVDB-ID: #VU32032
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-16425
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
MitigationInstall update from vendor's website.
Vulnerable software versionsopensc (Alpine package): 0.17.0-r5 - 0.19.0-r2
CPE2.3- cpe:2.3:o:alpine:opensc_alpine_package:0.17.0-r5:*:*:*:*:alpine_linux:*:3.8
- cpe:2.3:o:alpine:opensc_alpine_package:0.19.0-r0:*:*:*:*:alpine_linux:*:3.8
- cpe:2.3:o:alpine:opensc_alpine_package:0.19.0-r2:*:*:*:*:alpine_linux:*:3.9
https://git.alpinelinux.org/aports/commit/?id=8ed91d2a9a7e8d3d7eebcf756173eb64be295118
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
