#VU23847 Buffer overflow in OpenSC - CVE-2019-19481

Cybersecurity Help s.r.o.

Published: 2019-12-30

Vulnerability identifier: #VU23847

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-19481

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OpenSC
Universal components / Libraries / Libraries used by multiple products

Vendor: OpenSC

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing CAC certificates in libopensc/card-cac1.c. A local user can pass specially crafted certificate to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSC: 0.4.0 - 0.20.0 rc34

External links
https://www.openwall.com/lists/oss-security/2019/12/29/1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278
https://github.com/OpenSC/OpenSC/releases/tag/0.20.0

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for opensc

Red Hat Enterprise Linux 8 update for opensc

Arch Linux update for opensc

Buffer overflow in opensc (Alpine package)

Multiple vulnerabilities in OpenSC