Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2018-16422

Published: August 31, 2023Last modified: August 31, 2023

Description

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Severity score breakdown

ParameterValue
Base score6.6
Attack VectorPHYSICAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSopenscNot affected (0.22.0-r4)
StreamopenscNot affected (0.23.0-r0)

References

ON THIS PAGE