Vulnerabilities > Opensc Project > Opensc > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-04 CVE-2018-16425 Double Free vulnerability in Opensc Project Opensc
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-415
4.6
2018-09-04 CVE-2018-16424 Double Free vulnerability in Opensc Project Opensc
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-415
4.6
2018-09-04 CVE-2018-16423 Double Free vulnerability in Opensc Project Opensc
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-415
4.6
2018-09-04 CVE-2018-16422 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-119
4.6
2018-09-04 CVE-2018-16421 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-119
4.6
2018-09-04 CVE-2018-16420 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-119
4.6
2018-09-04 CVE-2018-16419 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-119
4.6
2018-09-04 CVE-2018-16418 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-119
4.6
2018-09-03 CVE-2018-16393 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-119
4.6
2018-09-03 CVE-2018-16392 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
local
low complexity
opensc-project CWE-119
4.6