First published: Mon Sep 03 2018
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/opensc | <0.19.0 | 0.19.0 |
Opensc Project Opensc | <=0.18.0 | |
CVE-2018-16393 is a vulnerability that involves several buffer overflows when handling responses from a Gemsafe V1 Smartcard in OpenSC before version 0.19.0-rc1.
Attackers can exploit this vulnerability by supplying crafted smartcards, which could cause a denial of service (application crash) or potentially have unspecified impacts.
The severity of CVE-2018-16393 is medium, with a score of 6.8.
To fix CVE-2018-16393, you should update to OpenSC version 0.19.0 or later.
You can find more information about CVE-2018-16393 in the Red Hat advisory (RHSA-2019:2154) and the OpenSC release notes.