Alpaquita Linux
Security Advisory

CVE-2018-16391

Published: August 31, 2023Last modified: August 31, 2023

Description

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Severity score breakdown

ParameterValue
Base score6.8
Attack VectorPHYSICAL
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSopenscNot affected (0.22.0-r4)
StreamopenscNot affected (0.23.0-r0)

References

ON THIS PAGE