#VU34415 Double Free in OpenSC - CVE-2019-20792


| Updated: 2020-08-08

Vulnerability identifier: #VU34415

Vulnerability risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-20792

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OpenSC
Universal components / Libraries / Libraries used by multiple products

Vendor: OpenSC

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenSC: 0.4.0 - 0.19.0

External links
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
https://github.com/OpenSC/OpenSC/compare/0.19.0...0.20.0

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for opensc
SUSE update for opensc
Red Hat Enterprise Linux 8 update for opensc
Double Free in OpenSC