First published: Wed Apr 29 2020(Updated: )
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opensc Project Opensc | <0.20.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-20792 is a vulnerability in OpenSC before version 0.20.0 that allows for a double free in the coolkey_free_private_data function.
CVE-2019-20792 affects OpenSC versions up to but not including 0.20.0.
CVE-2019-20792 has a severity rating of 6.8 (medium).
To fix CVE-2019-20792, update OpenSC to version 0.20.0 or higher.
The CWE ID for CVE-2019-20792 is 415.