Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2018-16420

Published: August 31, 2023Last modified: August 31, 2023

Description

Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Severity score breakdown

ParameterValue
Base score6.6
Attack VectorPHYSICAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSopenscNot affected (0.22.0-r4)
StreamopenscNot affected (0.23.0-r0)

References

ON THIS PAGE