CVE-2017-6414 - OpenCVE

Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Libcacard Project	Libcacard

Configuration 1 [-]

cpe:2.3:a:libcacard_project:libcacard:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/03/01/11	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/96541	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1427833	Issue Tracking Patch Third Party Advisory VDB Entry
https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c	Patch Third Party Advisory
https://cgit.freedesktop.org/spice/libcacard/tree/NEWS?id=aaa5251791bf0b1640afcba77a7d79ea23c42d53	Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-15T14:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2017-03-01T00:00:00

Link: CVE-2017-6414

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-03-15T14:59:00.917

Modified: 2020-05-20T16:08:45.727

Link: CVE-2017-6414

JSON object: View

Redhat Information

No data.

CWE

CWE-772

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "96541", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96541"}, {"name": "[oss-security] 20170301 CVE-2017-6414 Qemu: libcacard: host memory leakage while creating new APDU", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/03/01/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427833"}, {"name": "RHSA-2017:2408", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.freedesktop.org/spice/libcacard/tree/NEWS?id=aaa5251791bf0b1640afcba77a7d79ea23c42d53"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6414", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "96541", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96541"}, {"name": "[oss-security] 20170301 CVE-2017-6414 Qemu: libcacard: host memory leakage while creating new APDU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/03/01/11"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1427833", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427833"}, {"name": "RHSA-2017:2408", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"name": "https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c", "refsource": "CONFIRM", "url": "https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c"}, {"name": "https://cgit.freedesktop.org/spice/libcacard/tree/NEWS?id=aaa5251791bf0b1640afcba77a7d79ea23c42d53", "refsource": "CONFIRM", "url": "https://cgit.freedesktop.org/spice/libcacard/tree/NEWS?id=aaa5251791bf0b1640afcba77a7d79ea23c42d53"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6414", "datePublished": "2017-03-15T14:00:00", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2018-01-04T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libcacard_project:libcacard:*:*:*:*:*:*:*:*", "matchCriteriaId": "343DB6CA-D9DF-4366-82F3-A7665A427133", "versionEndExcluding": "2.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object."}, {"lang": "es", "value": "P\u00e9rdida de memoria en la funci\u00f3n vcard_apdu_new en card_7816.c en libcacard en versiones anteriores a 2.5.3 permite a usuarios locales del SO invitado provocar una denegaci\u00f3n de servicio (consumo de memoria del host) a trav\u00e9s de vectores relacionados con la asignaci\u00f3n de un nuevo objeto APDU."}], "id": "CVE-2017-6414", "lastModified": "2020-05-20T16:08:45.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-15T14:59:00.917", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/03/01/11"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96541"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427833"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://cgit.freedesktop.org/spice/libcacard/tree/NEWS?id=aaa5251791bf0b1640afcba77a7d79ea23c42d53"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}