CVE-2019-15945: Buffer Overflow
First published: Thu Sep 05 2019(Updated: )
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensc Project Opensc | <=0.19.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2019/12/29/1
- https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
- https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4
- https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-15945.
What is the severity rating of CVE-2019-15945?
CVE-2019-15945 has a severity rating of 6.4 (medium).
What is the affected software for CVE-2019-15945?
The affected software for CVE-2019-15945 is OpenSC before version 0.20.0-rc1 and Debian Linux 8.0, 9.0, and Fedora 31.
What is the description of CVE-2019-15945?
CVE-2019-15945 is an out-of-bounds access vulnerability in OpenSC's decode_bit_string function in libopensc/asn1.c.
How can I fix CVE-2019-15945?
To fix CVE-2019-15945, update OpenSC to version 0.20.0-rc1 or later.
- collector/nvd-index
- vendor/opensc project
- canonical/opensc project opensc
- version/opensc project opensc/0.19.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31