Debian 11: DLA-4004-1 moderate: opensc info leak and crash issues

Debian LTS | December 28, 2024
Multiple vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash, information leak, or PIN bypass.

Summary

CVE-2021-34193

Multiple stack overflow vulnerabilities were discovered in OpenSC
smart card middleware via crafted responses to APDUs.

CVE-2021-42778

A heap double free issue was found in sc_pkcs15_free_tokeninfo().

CVE-2021-42779

A heap use after free issue was found in sc_file_valid().

CVE-2021-42780

A use after return issue was found in the insert_pin() function,
which could potentially crash programs using the library.

CVE-2021-42781

Multiple heap buffer overflow issues were found in
pkcs15-oberthur.c, which could potentially crash programs using the
library.

CVE-2021-42782

Multiple buffer overflow issues were found in various places, which
could potentially crash programs using the library.

CVE-2023-2977

A buffer overrun vulnerability was found in pkcs15's
cardos_have_verifyrc_package(). When supplying a smart card package
with malformed ASN.1 context, an attacker can trigger a crash or

Read the Full Advisory


Severity: important

Package: opensc
Version: 0.21.0-1+deb11u1
CVE ID: CVE-2021-34193 CVE-2021-42778 CVE-2021-42779 CVE-2021-42780
Debian Bug: 1037021 1055521 1055522 1064189 1082853 1082859 1082860
