OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1decodeentry in libopensc/asn1.c.
[ { "source": "https://github.com/opensc/opensc/commit/a3fc7693f3a035a8a7921cffb98432944bb42740", "deprecated": false, "target": { "file": "src/libopensc/asn1.c" }, "digest": { "line_hashes": [ "144373587500690818507003904206410356003", "148102426093319846627226247161866438541", "152613503459311009974684643923559563409", "189033476452025105233726194714004011925" ], "threshold": 0.9 }, "id": "CVE-2019-15946-474477e2", "signature_type": "Line", "signature_version": "v1" }, { "source": "https://github.com/opensc/opensc/commit/a3fc7693f3a035a8a7921cffb98432944bb42740", "deprecated": false, "target": { "file": "src/libopensc/asn1.c", "function": "asn1_decode_entry" }, "digest": { "function_hash": "261759861244261629003110721538662186476", "length": 4599.0 }, "id": "CVE-2019-15946-762eb016", "signature_type": "Function", "signature_version": "v1" } ]