CVE-2018-16426
- Source
- https://cve.org/CVERecord?id=CVE-2018-16426
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16426.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-16426
- Downstream
- Related
- Published
- 2018-09-04T00:29:01.293Z
- Modified
- 2026-02-03T07:51:21.751382Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Endless recursion when handling responses from an IAS-ECC card in iaseccselectfile in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
- References
-
- https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
- https://access.redhat.com/errata/RHSA-2019:2154
- https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54
- https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
- https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
- https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54
- https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
- https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
Affected packages
Git / github.com/opensc/opensc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensc/opensc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.12.2
0.12.2-rc1
0.13.0
0.13.0pre1
0.13.0rc1
0.14.0
0.14.0rc2
0.14.0rtm
0.15.0
0.16.0
0.16.0-rc1
0.16.0-rc2
0.17.0
0.17.0-rc1
0.17.0-rc2
0.18.0
0.18.0-rc1
0.18.0-rc2
v0.*
v0.12.2
v0.16.0-pre1
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"target": {
"file": "src/libopensc/card-iasecc.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"305669692155909973520627135751357879527",
"251334081477015221125990730745505354601",
"134406522267042626252050150832528287567",
"277782198091582563343361403567242913780",
"88565159515008359977172308201979753609",
"193030754571378948556834261188099873612",
"196755580204196598803093232732591052103",
"306278050986908628292519813156819136996",
"3780710711739340700126246012584124474",
"46058005536107373500213102097167255621",
"253231763253972024815246637268084374733"
]
},
"source": "https://github.com/opensc/opensc/commit/03628449b75a93787eb2359412a3980365dda49b",
"id": "CVE-2018-16426-40a18c97",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"file": "src/libopensc/card-iasecc.c",
"function": "iasecc_select_file"
},
"deprecated": false,
"digest": {
"length": 6798.0,
"function_hash": "329899996166684623670025108497191726919"
},
"source": "https://github.com/opensc/opensc/commit/03628449b75a93787eb2359412a3980365dda49b",
"id": "CVE-2018-16426-d1f99eb9",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16426.json"