First published: Tue Sep 04 2018
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensc Project Opensc | <=0.18.0 | |
| redhat/opensc | <0.19.0 | 0.19.0 |
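CVE-2018-16419 covers several buffer overflows in read_public_key in tools/cryptoflex-tool.c in OpenSC, triggered while handling responses from a Cryptoflex card. An attacker who can supply a crafted smartcard can cause a denial of service (application crash) or possibly have unspecified other impact.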
The severity of CVE-2018-16419 is medium with a CVSS score of 6.6.
The vulnerability can be exploited by attackers who are able to supply crafted smartcards.
OpenSC versions up to and including 0.18.0 are affected, as are Red Hat opensc package versions before 0.19.0.
To fix CVE-2018-16419, update to OpenSC version 0.19.0 or higher.