CVE-2019-19479

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

References

Affected packages

Git / github.com/opensc/opensc

Affected ranges

Type: GIT
Repo: https://github.com/opensc/opensc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c3f23b836e5a1766c36617fe1da30d22f7b63de2

Affected versions

0.*

0.12.2

0.12.2-rc1

0.13.0

0.13.0pre1

0.13.0rc1

0.14.0

0.14.0rc2

0.14.0rtm

0.15.0

0.16.0

0.16.0-rc1

0.16.0-rc2

0.17.0

0.17.0-rc1

0.17.0-rc2

0.18.0

0.18.0-rc1

0.18.0-rc2

0.19.0

0.19.0-rc1

0.20.0-rc1

0.20.0-rc2

0.20.0-rc3

v0.*

v0.12.2

v0.16.0-pre1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/opensc/opensc/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "312700537045446842476960619232256392914",
                "12577001211443987501834181150640691110",
                "19328322763717515580348095176242147780",
                "118003578808881612881485274894912018341"
            ]
        },
        "target": {
            "file": "src/libopensc/card-setcos.c"
        },
        "id": "CVE-2019-19479-6e9084bd"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/opensc/opensc/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2",
        "signature_type": "Function",
        "digest": {
            "function_hash": "291474278857799130683909883402632931015",
            "length": 2436.0
        },
        "target": {
            "function": "parse_sec_attr_44",
            "file": "src/libopensc/card-setcos.c"
        },
        "id": "CVE-2019-19479-f6e42b74"
    }
]