Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2018-16423

Published: August 31, 2023Last modified: August 31, 2023

Description

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Severity score breakdown

ParameterValue
Base score6.6
Attack VectorPHYSICAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSopenscNot affected (0.22.0-r4)
StreamopenscNot affected (0.23.0-r0)

References

ON THIS PAGE