QID 355552
Date Published: 2023-07-03
QID 355552: Amazon Linux Security Advisory for opensc : ALAS2-2023-2102
A heap use after free issue was found in opensc before version 0.22.0 in sc_file_valid. (
( CVE-2021-42779) a use after return issue was found in opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. (
( CVE-2021-42780) heap buffer overflow issues were found in opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. (
( CVE-2021-42781) stack buffer overflow issues were found in opensc before version 0.22.0 in various places that could potentially crash programs using the library. (
( CVE-2021-42782) a vulnerbility was found in opensc.
This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package.
The attacker can supply a smart card package with malformed asn1 context.
The cardos_have_verifyrc_package function scans the asn1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer.
This leads to possible heap-based buffer oob read.
In cases where asan is enabled while compiling this causes a crash.
Further info leak or more damage is possible. (
( CVE-2023-2977)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2023-2102 -
alas.aws.amazon.com/AL2/ALAS-2023-2102.html
CVEs related to QID 355552
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2023-2102 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALAS-2023-2102.html |