CVE-2018-16419
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-16419
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16419.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-16419
- Downstream
- Related
- Published
- 2018-09-04T00:29:00Z
- Modified
- 2025-10-15T09:24:08.253195Z
- Severity
-
- 6.6 (Medium) CVSS_V3 - CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Several buffer overflows when handling responses from a Cryptoflex card in readpublickey in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
- References
-
- https://access.redhat.com/errata/RHSA-2019:2154
- https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15
- https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
- https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
- https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
Affected packages
Git / github.com/opensc/opensc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensc/opensc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.12.2
0.12.2-rc1
0.13.0
0.13.0pre1
0.13.0rc1
0.14.0
0.14.0rc2
0.14.0rtm
0.15.0
0.16.0
0.16.0-rc1
0.16.0-rc2
0.17.0
0.17.0-rc1
0.17.0-rc2
0.18.0
0.18.0-rc1
0.18.0-rc2
v0.*
v0.12.2
v0.16.0-pre1
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"function": "util_acl_to_str",
"file": "src/tools/util.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 1384.0,
"function_hash": "271210299797610273157981141979724814179"
},
"deprecated": false,
"id": "CVE-2018-16419-0b99bc9e",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/card-tcos.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"233481318598077239565688734290162833015",
"97939052609524587507400894812109442123",
"204087041383039004585492653448018035520",
"131445439589440703229908460382952763572",
"278834472465471595746656920320176494705",
"139222638798623248043302620018254649039",
"175896651905048379003378018399321379111",
"224505982217859260857118268338313184916",
"65206650238824587225114345289817012170"
]
},
"deprecated": false,
"id": "CVE-2018-16419-0c147fac",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "sc_pkcs15emu_sc_hsm_init",
"file": "src/libopensc/pkcs15-sc-hsm.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 6385.0,
"function_hash": "3601200181852955403230350787482029340"
},
"deprecated": false,
"id": "CVE-2018-16419-1d16052d",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/sc.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"177921028135058265830405297954293672054",
"299996131515017520667429232285183170350",
"208610982332766045388276120179790241671",
"151360034371372479209290112909957341284"
]
},
"deprecated": false,
"id": "CVE-2018-16419-1e47467f",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "read_public_key",
"file": "src/tools/cryptoflex-tool.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 900.0,
"function_hash": "211357944350941154032202650742391697888"
},
"deprecated": false,
"id": "CVE-2018-16419-2a2c565d",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/card-cac.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"180997872810827503776550627596057610293",
"163181184741832334222622577538376576800",
"295584529879602039420667828216198547267",
"178878409965885542681033683125132049375"
]
},
"deprecated": false,
"id": "CVE-2018-16419-3010659d",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/tools/egk-tool.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60194579827802047239071052627609596123",
"336562014831331879228526401831414353461",
"64856043631244063980538676876814095534",
"215577835530444328041456047591925585022"
]
},
"deprecated": false,
"id": "CVE-2018-16419-376fa95f",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/card-epass2003.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50089616092642694722495152257871806558",
"129090270381902937559966690903769976004",
"194204289983092010055155575685654392737",
"45078233133659491793302210458452893622",
"17048660723993156470457524797781597423",
"91678529902572139490964807264491437655",
"226903748607216912199596345292033996604",
"147778325612397487462815129713062729938"
]
},
"deprecated": false,
"id": "CVE-2018-16419-3fcffabe",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/card-muscle.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250976598612894953921816414524457847426",
"329666269851755966857616801842498328952",
"19008280521317996949758254284125827774",
"177630364593721804175269770290181932638",
"24060003670950065524817680602091604756",
"89796380591064851615137692110354998869",
"216849173512820984644230172572648107300",
"320057497106042614487543469866971329847"
]
},
"deprecated": false,
"id": "CVE-2018-16419-4c1e03e7",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/tools/cryptoflex-tool.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274547891528856582298764442486655688352",
"97810758309473749134017944501921098585",
"124309428883519806033819612118108239208",
"37541873294839517359746908680105660492",
"311258109344094285940934742868419197417",
"172944704662178634957673636699151796903",
"246803547979912446391600656798309090247",
"277510741662249105929233718888949218741",
"231468131297730207443287027598089995813",
"172944704662178634957673636699151796903"
]
},
"deprecated": false,
"id": "CVE-2018-16419-52ed392b",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "sc_file_set_sec_attr",
"file": "src/libopensc/sc.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 602.0,
"function_hash": "53435621884516961795550514721669502530"
},
"deprecated": false,
"id": "CVE-2018-16419-54015c1f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/pkcs15-sc-hsm.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"197179338693329959337574733795721366011",
"181499596042145963708832815578185416673",
"115686202300605459028130681808916083323",
"32469362041368729738471244151727158581",
"70975519517677111108240587619915187754",
"97564755112860652651284748958326495761",
"54722519292892086896767483020852733567",
"164698281020407393870005573215208205002"
]
},
"deprecated": false,
"id": "CVE-2018-16419-63c4d150",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "read_private_key",
"file": "src/tools/cryptoflex-tool.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 1026.0,
"function_hash": "303959976683711236987735509196219450362"
},
"deprecated": false,
"id": "CVE-2018-16419-7bc53b8f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "read_file",
"file": "src/tools/egk-tool.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 549.0,
"function_hash": "274405994782023040229606639159304615881"
},
"deprecated": false,
"id": "CVE-2018-16419-7e6a598b",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "epass2003_sm_unwrap_apdu",
"file": "src/libopensc/card-epass2003.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 854.0,
"function_hash": "243539145408573173791081355314366755475"
},
"deprecated": false,
"id": "CVE-2018-16419-893c7ffe",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "muscle_list_files",
"file": "src/libopensc/card-muscle.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 642.0,
"function_hash": "145994158574777877406945467475522326317"
},
"deprecated": false,
"id": "CVE-2018-16419-b2a32803",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/tools/util.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"35700710565449482466961057702051773391",
"338848126074617841669023222188166574042",
"85193061301796843207587396052783037418",
"201328038495423799265820585956823551600",
"227092369676207675362403595507749640557",
"119207481776238519336941479755834020817",
"255421454904442896237866729116323676848"
]
},
"deprecated": false,
"id": "CVE-2018-16419-b34a839c",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/pkcs15-esteid.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228609031766473617867107821980241461018",
"1017328676681920338293166622495075509",
"13781630178052024411041230002274540200",
"144901520378832140047242421204389340446"
]
},
"deprecated": false,
"id": "CVE-2018-16419-b7bafe9a",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "sc_pkcs15emu_esteid_init",
"file": "src/libopensc/pkcs15-esteid.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 4678.0,
"function_hash": "336629111418218581493741938757605402880"
},
"deprecated": false,
"id": "CVE-2018-16419-bc480e08",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "gemsafe_get_cert_len",
"file": "src/libopensc/pkcs15-gemsafeV1.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 2589.0,
"function_hash": "319333348733057023251779547878790261198"
},
"deprecated": false,
"id": "CVE-2018-16419-dc348323",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "tcos_select_file",
"file": "src/libopensc/card-tcos.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 3120.0,
"function_hash": "264141390716061088029320022699475026986"
},
"deprecated": false,
"id": "CVE-2018-16419-ecaf1d1f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "decrypt_response",
"file": "src/libopensc/card-epass2003.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 1112.0,
"function_hash": "64917057538921793471670086378052155976"
},
"deprecated": false,
"id": "CVE-2018-16419-f98248a3",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/libopensc/pkcs15-gemsafeV1.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"136893413313444237524668276446520478241",
"56761857713378916379142858959238642314",
"157439786862763906236340660357414583763",
"122716676019555905785832020813798376114"
]
},
"deprecated": false,
"id": "CVE-2018-16419-fac32456",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "cac_get_serial_nr_from_CUID",
"file": "src/libopensc/card-cac.c"
},
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"digest": {
"length": 572.0,
"function_hash": "56864691758844525895391192766386179059"
},
"deprecated": false,
"id": "CVE-2018-16419-fc70b896",
"signature_type": "Function"
}
]