opensc: Multiple vulnerabilities (CVE-2019-6502, CVE-2019-15945, CVE-2019-15946, CVE-2019-19479, CVE-2019-19480, CVE-2019-19481)
CVE-2019-6502: memory leak in sc_context_create in ctx.c in libopensc
A flaw was found in OpenSC 0.19.0. Function sc_context_create in ctx.c in libopensc has a memory leak.
References:
CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
References:
- https://github.com/OpenSC/OpenSC/releases/tag/0.20.0
- https://www.openwall.com/lists/oss-security/2019/12/29/1
Patch:
https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
References:
- https://github.com/OpenSC/OpenSC/releases/tag/0.20.0
- https://nvd.nist.gov/vuln/detail/CVE-2019-15946
Patch:
https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
References:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
- https://nvd.nist.gov/vuln/detail/CVE-2019-19479
Patch:
https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
CVE-2019-19480: incorrect free operation in sc_pkcs15_decode_prkdf_entry in libopensc/pkcs15-prkey.c
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
References:
- Introduced in: https://github.com/OpenSC/OpenSC/commit/630d6adf32cecaab0ee184618f56497bd50400fb
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
Patch:
https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
CVE-2019-19481: improper handling of buffer limits for CAC certificates
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
References:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
- https://nvd.nist.gov/vuln/detail/CVE-2019-19481
Patch:
https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278