First published: Thu Sep 05 2019(Updated: )
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opensc Project Opensc | <=0.19.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Fedoraproject Fedora | =31 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15946 is a vulnerability in OpenSC before 0.20.0-rc1 that allows an out-of-bounds access of an ASN.1 Octet string.
CVE-2019-15946 has a severity value of 6.4, which is considered medium.
The affected software includes OpenSC versions up to and including 0.19.0, Debian Linux 8.0 and 9.0, and Fedora 31.
To fix CVE-2019-15946, update to OpenSC version 0.20.0-rc1 or later.
You can find more information about CVE-2019-15946 on the Openwall OSS Security mailing list and the OpenSC GitHub page.