First published: Tue Sep 04 2018
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opensc Project Opensc | <=0.18.0 | |
redhat/opensc | <0.19.0 | 0.19.0 |
CVE-2018-16422 is a single-byte buffer overflow in sc_pkcs15emu_esteid_init (libopensc/pkcs15-esteid.c) that is triggered while handling responses from an esteid card. In OpenSC before 0.19.0-rc1 it allows an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
The severity of CVE-2018-16422 is medium, with a CVSS score of 6.6.
Exploitation requires an attacker who can present a crafted smartcard to the affected system: the overflow is driven by data the card returns, so any host that reads cards it does not control is exposed.
To mitigate the vulnerability, update to OpenSC 0.19.0 or later (the fix first shipped in 0.19.0-rc1); Red Hat users should apply the errata listed below.
More information about CVE-2018-16422 is available at the following references: [RHSA-2019:2154](https://access.redhat.com/errata/RHSA-2019:2154), [upstream fix commit](https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0), [OpenSC 0.19.0-rc1 release](https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1).
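The following is an added illustration, not OpenSC's own code, of the bug class this advisory describes: a record is read from the card into a fixed buffer and then NUL-terminated at the returned length, so a card that returns exactly sizeof(buffer) bytes pushes the terminator one byte past the end. The buffer size of 128, the mock_read_record() stand-in for sc_read_record(), and the card record contents are assumptions made for the demonstration; consult the linked fix commit for the real code. The hardened variant reserves one byte for the terminator, which is the general remedy for this pattern.

```c
/*
 * Added example (not OpenSC's code): the off-by-one NUL-termination pattern
 * consistent with CVE-2018-16422, beside a hardened version.
 * BUFF_SIZE, mock_read_record() and the record contents are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 128               /* assumed size of the caller's buffer */
#define ERR_BUFFER_TOO_SMALL (-1)
#define GUARD 0xA5                  /* marker placed just past the buffer */

/* Stand-in for sc_read_record(): copies up to max_len bytes of the card's
 * record into buf and returns the byte count. The card decides rec_len, so
 * a hostile card can make the return value equal max_len exactly. */
int mock_read_record(const uint8_t *rec, size_t rec_len,
                     uint8_t *buf, size_t max_len)
{
    size_t n = rec_len < max_len ? rec_len : max_len;
    memcpy(buf, rec, n);
    return (int)n;
}

/* Vulnerable pattern: read up to BUFF_SIZE bytes, then terminate at buff[r].
 * When r == BUFF_SIZE the terminator lands one byte past the buffer the
 * function was told it has. The caller hands over BUFF_SIZE + 1 bytes so the
 * stray write is observable on the guard byte without undefined behaviour. */
int unsafe_read_string(const uint8_t *rec, size_t rec_len,
                       uint8_t *buff /* BUFF_SIZE + 1 bytes */)
{
    int r = mock_read_record(rec, rec_len, buff, BUFF_SIZE);
    if (r < 0)
        return r;
    buff[r] = '\0';                 /* off by one when r == BUFF_SIZE */
    return r;
}

/* Hardened: ask the card layer for one byte less than the buffer holds, so
 * the terminator always has an in-bounds slot. Over-long records are
 * truncated rather than overflowing. */
int safe_read_string(const uint8_t *rec, size_t rec_len,
                     char *out, size_t out_size)
{
    if (out_size == 0)
        return ERR_BUFFER_TOO_SMALL;
    int r = mock_read_record(rec, rec_len, (uint8_t *)out, out_size - 1);
    if (r < 0)
        return r;
    out[r] = '\0';                  /* r <= out_size - 1, always in bounds */
    return r;
}

/* 1 if the unsafe reader clobbers the guard byte for a constructed record of
 * rec_len bytes, 0 otherwise. */
int unsafe_clobbers_guard(size_t rec_len)
{
    uint8_t rec[256];
    uint8_t buff[BUFF_SIZE + 1];
    memset(rec, 'A', sizeof rec);   /* constructed card record */
    if (rec_len > sizeof rec)
        rec_len = sizeof rec;
    buff[BUFF_SIZE] = GUARD;
    unsafe_read_string(rec, rec_len, buff);
    return buff[BUFF_SIZE] != GUARD;
}

/* Length the hardened reader stores (as a C string) for the same record. */
int safe_stored_length(size_t rec_len)
{
    uint8_t rec[256];
    char out[BUFF_SIZE];
    memset(rec, 'A', sizeof rec);   /* constructed card record */
    if (rec_len > sizeof rec)
        rec_len = sizeof rec;
    int r = safe_read_string(rec, rec_len, out, sizeof out);
    return r < 0 ? r : (int)strlen(out);
}

int main(void)
{
    size_t lens[] = { 10, 127, 128, 200 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("record %3zu bytes: unsafe clobbers guard=%d, safe stores %d chars\n",
               lens[i], unsafe_clobbers_guard(lens[i]), safe_stored_length(lens[i]));
    return 0;
}
```

A 127-byte record is the last one the unsafe reader handles correctly; at 128 bytes (or anything longer, since the read is capped) the terminator overwrites the byte after the buffer, which is exactly what a crafted card can force. Whether the hardened version should truncate or reject an over-long document number is a policy choice; the essential change is that the write index can never reach the buffer size.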