CVE-2019-19480 - OpenCVE

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Opensc Project	Opensc

Configuration 1 [-]

AND

OR	cpe:2.3:a:opensc_project:opensc::::::::
	cpe:2.3:a:opensc_project:opensc:0.20.0:rc1::::::
	cpe:2.3:a:opensc_project:opensc:0.20.0:rc2::::::
	cpe:2.3:a:opensc_project:opensc:0.20.0:rc3::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2019/12/29/1	Mailing List
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478	Exploit Patch Third Party Advisory
https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-01T22:37:18

Updated: 2020-01-24T18:06:18

Reserved: 2019-12-01T00:00:00

Link: CVE-2019-19480

JSON object: View

NVD Information

Status : Modified

Published: 2019-12-01T23:15:10.730

Modified: 2023-11-07T03:07:40.700

Link: CVE-2019-19480

JSON object: View

Redhat Information

No data.

CWE

CWE-672

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-24T18:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478"}, {"name": "[oss-security] 20191229 OpenSC 0.20.0 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1"}, {"name": "FEDORA-2020-3c93790abe", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19480", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7", "refsource": "MISC", "url": "https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7"}, {"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478"}, {"name": "[oss-security] 20191229 OpenSC 0.20.0 released", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1"}, {"name": "FEDORA-2020-3c93790abe", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19480", "datePublished": "2019-12-01T22:37:18", "dateReserved": "2019-12-01T00:00:00", "dateUpdated": "2020-01-24T18:06:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BBAA136-529C-41AB-8A74-D4BABD9B00ED", "versionEndIncluding": "0.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensc_project:opensc:0.20.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B40AD56D-CA2A-41D0-A0B5-C5ACF6F21858", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensc_project:opensc:0.20.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C6258EA-E2DE-4AB0-BCF8-E4F550E80A4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensc_project:opensc:0.20.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "69C9C1EF-1A86-44CD-A147-5DEA86441FC2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/pkcs15-prkey.c presenta una operaci\u00f3n liberada incorrecta en la funci\u00f3n sc_pkcs15_decode_prkdf_entry."}], "id": "CVE-2019-19480", "lastModified": "2023-11-07T03:07:40.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-01T23:15:10.730", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-672"}], "source": "nvd@nist.gov", "type": "Primary"}]}