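A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. The signature entries below all cite upstream commit 360e95d45ac4123255a4c796db96337f332160ad as their source; besides sc_file_set_sec_attr in src/libopensc/sc.c they also cover functions and lines in other card drivers and tools, so a match on one of those entries does not by itself identify the sc.c double free.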
[ { "deprecated": false, "target": { "file": "src/tools/util.c", "function": "util_acl_to_str" }, "signature_type": "Function", "id": "CVE-2018-16423-0b99bc9e", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 1384.0, "function_hash": "271210299797610273157981141979724814179" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-tcos.c" }, "signature_type": "Line", "id": "CVE-2018-16423-0c147fac", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "233481318598077239565688734290162833015", "97939052609524587507400894812109442123", "204087041383039004585492653448018035520", "131445439589440703229908460382952763572", "278834472465471595746656920320176494705", "139222638798623248043302620018254649039", "175896651905048379003378018399321379111", "224505982217859260857118268338313184916", "65206650238824587225114345289817012170" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/pkcs15-sc-hsm.c", "function": "sc_pkcs15emu_sc_hsm_init" }, "signature_type": "Function", "id": "CVE-2018-16423-1d16052d", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 6385.0, "function_hash": "3601200181852955403230350787482029340" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/sc.c" }, "signature_type": "Line", "id": "CVE-2018-16423-1e47467f", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "177921028135058265830405297954293672054", "299996131515017520667429232285183170350", "208610982332766045388276120179790241671", "151360034371372479209290112909957341284" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": 
"src/tools/cryptoflex-tool.c", "function": "read_public_key" }, "signature_type": "Function", "id": "CVE-2018-16423-2a2c565d", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 900.0, "function_hash": "211357944350941154032202650742391697888" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-cac.c" }, "signature_type": "Line", "id": "CVE-2018-16423-3010659d", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "180997872810827503776550627596057610293", "163181184741832334222622577538376576800", "295584529879602039420667828216198547267", "178878409965885542681033683125132049375" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/tools/egk-tool.c" }, "signature_type": "Line", "id": "CVE-2018-16423-376fa95f", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "60194579827802047239071052627609596123", "336562014831331879228526401831414353461", "64856043631244063980538676876814095534", "215577835530444328041456047591925585022" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-epass2003.c" }, "signature_type": "Line", "id": "CVE-2018-16423-3fcffabe", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "50089616092642694722495152257871806558", "129090270381902937559966690903769976004", "194204289983092010055155575685654392737", "45078233133659491793302210458452893622", "17048660723993156470457524797781597423", "91678529902572139490964807264491437655", "226903748607216912199596345292033996604", "147778325612397487462815129713062729938" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": 
"src/libopensc/card-muscle.c" }, "signature_type": "Line", "id": "CVE-2018-16423-4c1e03e7", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "250976598612894953921816414524457847426", "329666269851755966857616801842498328952", "19008280521317996949758254284125827774", "177630364593721804175269770290181932638", "24060003670950065524817680602091604756", "89796380591064851615137692110354998869", "216849173512820984644230172572648107300", "320057497106042614487543469866971329847" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/tools/cryptoflex-tool.c" }, "signature_type": "Line", "id": "CVE-2018-16423-52ed392b", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "274547891528856582298764442486655688352", "97810758309473749134017944501921098585", "124309428883519806033819612118108239208", "37541873294839517359746908680105660492", "311258109344094285940934742868419197417", "172944704662178634957673636699151796903", "246803547979912446391600656798309090247", "277510741662249105929233718888949218741", "231468131297730207443287027598089995813", "172944704662178634957673636699151796903" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/sc.c", "function": "sc_file_set_sec_attr" }, "signature_type": "Function", "id": "CVE-2018-16423-54015c1f", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 602.0, "function_hash": "53435621884516961795550514721669502530" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/pkcs15-sc-hsm.c" }, "signature_type": "Line", "id": "CVE-2018-16423-63c4d150", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ 
"197179338693329959337574733795721366011", "181499596042145963708832815578185416673", "115686202300605459028130681808916083323", "32469362041368729738471244151727158581", "70975519517677111108240587619915187754", "97564755112860652651284748958326495761", "54722519292892086896767483020852733567", "164698281020407393870005573215208205002" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/tools/cryptoflex-tool.c", "function": "read_private_key" }, "signature_type": "Function", "id": "CVE-2018-16423-7bc53b8f", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 1026.0, "function_hash": "303959976683711236987735509196219450362" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/tools/egk-tool.c", "function": "read_file" }, "signature_type": "Function", "id": "CVE-2018-16423-7e6a598b", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 549.0, "function_hash": "274405994782023040229606639159304615881" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-epass2003.c", "function": "epass2003_sm_unwrap_apdu" }, "signature_type": "Function", "id": "CVE-2018-16423-893c7ffe", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 854.0, "function_hash": "243539145408573173791081355314366755475" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-muscle.c", "function": "muscle_list_files" }, "signature_type": "Function", "id": "CVE-2018-16423-b2a32803", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 642.0, "function_hash": "145994158574777877406945467475522326317" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/tools/util.c" }, 
"signature_type": "Line", "id": "CVE-2018-16423-b34a839c", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "35700710565449482466961057702051773391", "338848126074617841669023222188166574042", "85193061301796843207587396052783037418", "201328038495423799265820585956823551600", "227092369676207675362403595507749640557", "119207481776238519336941479755834020817", "255421454904442896237866729116323676848" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/pkcs15-esteid.c" }, "signature_type": "Line", "id": "CVE-2018-16423-b7bafe9a", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "228609031766473617867107821980241461018", "1017328676681920338293166622495075509", "13781630178052024411041230002274540200", "144901520378832140047242421204389340446" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/pkcs15-esteid.c", "function": "sc_pkcs15emu_esteid_init" }, "signature_type": "Function", "id": "CVE-2018-16423-bc480e08", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 4678.0, "function_hash": "336629111418218581493741938757605402880" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/pkcs15-gemsafeV1.c", "function": "gemsafe_get_cert_len" }, "signature_type": "Function", "id": "CVE-2018-16423-dc348323", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 2589.0, "function_hash": "319333348733057023251779547878790261198" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-tcos.c", "function": "tcos_select_file" }, "signature_type": "Function", "id": "CVE-2018-16423-ecaf1d1f", "source": 
"https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 3120.0, "function_hash": "264141390716061088029320022699475026986" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-epass2003.c", "function": "decrypt_response" }, "signature_type": "Function", "id": "CVE-2018-16423-f98248a3", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 1112.0, "function_hash": "64917057538921793471670086378052155976" }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/pkcs15-gemsafeV1.c" }, "signature_type": "Line", "id": "CVE-2018-16423-fac32456", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "line_hashes": [ "136893413313444237524668276446520478241", "56761857713378916379142858959238642314", "157439786862763906236340660357414583763", "122716676019555905785832020813798376114" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "target": { "file": "src/libopensc/card-cac.c", "function": "cac_get_serial_nr_from_CUID" }, "signature_type": "Function", "id": "CVE-2018-16423-fc70b896", "source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad", "digest": { "length": 572.0, "function_hash": "56864691758844525895391192766386179059" }, "signature_version": "v1" } ]