sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3463 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3463-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                       Guilhem Moulin     June 21, 2023                                 https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : opensc     Version        : 0.19.0-1+deb10u2     CVE ID         : CVE-2019-6502 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781                      CVE-2021-42782 CVE-2023-2977     Debian Bug     : 1037021

    Multiple vulnerabilities were found in opensc, a set of libraries and     utilities to access smart cards, which could lead to application crash     or information leak.

    CVE-2019-6502

        Dhiraj Mishra discovered a minor memory leak in the eidenv(1) CLI         utility on an error-case.

    CVE-2021-42779

        A heap use after free vulnerability was discovered in         sc_file_valid().

    CVE-2021-42780

        An use after return vulnerability was discovered in insert_pin(),         which could potentially crash programs using the library.

    CVE-2021-42781

        Multiple heap buffer overflow vulnerabilities were discovered in         pkcs15-oberthur.c, which could potentially crash programs using the         library.

    CVE-2021-42782

        Multiple stack buffer overflow vulnerabilities were discovered in         various places, which could potentially crash programs using the         library.

    CVE-2023-2977

        A buffer overrun vulnerability was discovered in pkcs15         cardos_have_verifyrc_package(), which could lead to crash or         information leak via smart card package with a malicious ASN1         context.

    For Debian 10 buster, these problems have been fixed in version     0.19.0-1+deb10u2.

    We recommend that you upgrade your opensc packages.

    For the detailed security status of opensc please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/opensc

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4196-1 advisory.

  - sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from     eidenv. (CVE-2019-6502)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1041-1 advisory.

  - OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in     libopensc/asn1.c. (CVE-2019-15945)

  - OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in     libopensc/asn1.c. (CVE-2019-15946)

  - An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c     has an incorrect read operation during parsing of a SETCOS file attribute. (CVE-2019-19479)

  - An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c     mishandles buffer limits for CAC certificates. (CVE-2019-19481)

  - OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in     libopensc/card-coolkey.c lacks a uniqueness check. (CVE-2019-20792)

  - sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from     eidenv. (CVE-2019-6502)

  - The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in     sc_oberthur_read_file. (CVE-2020-26570)

  - The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow     in sc_pkcs15emu_gemsafeGPK_init. (CVE-2020-26571)

  - The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in     tcos_decipher. (CVE-2020-26572)

  - A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. (CVE-2021-42779)

  - A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could     potentially crash programs using the library. (CVE-2021-42780)

  - Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could     potentially crash programs using the library. (CVE-2021-42781)

  - Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could     potentially crash programs using the library. (CVE-2021-42782)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for opensc fixes the following issues :

Security issue fixed :

CVE-2019-6502: Fixed a memory leak in sc_context_create() (bsc#1122756).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the opensc package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - sc_context_create in ctx.c in libopensc in OpenSC     0.19.0 has a memory leak, as demonstrated by a call     from eidenv.(CVE-2019-6502)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
177462	Debian dla-3463 : opensc - security update	Nessus	Debian Local Security Checks	high
168172	SUSE SLED15 / SLES15 Security Update : opensc (SUSE-SU-2022:4196-1)	Nessus	SuSE Local Security Checks	high
159349	SUSE SLES15 Security Update : opensc (SUSE-SU-2022:1041-1)	Nessus	SuSE Local Security Checks	medium
143754	SUSE SLES12 Security Update : opensc (SUSE-SU-2020:3133-1)	Nessus	SuSE Local Security Checks	high
131359	EulerOS 2.0 SP8 : opensc (EulerOS-SA-2019-2293)	Nessus	Huawei Local Security Checks	high

Detections

Analytics

CVE-2019-6502

high

Tenable Plugins

high

high

medium

high

high