An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
{ "vanir_signatures": [ { "target": { "file": "src/libopensc/card-cac1.c", "function": "cac_read_binary" }, "id": "CVE-2019-19481-98aec3cf", "signature_version": "v1", "digest": { "length": 1804.0, "function_hash": "189796757233420035366764386465414775224" }, "source": "https://github.com/opensc/opensc/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278", "deprecated": false, "signature_type": "Function" }, { "target": { "file": "src/libopensc/card-cac1.c", "function": "cac_cac1_get_certificate" }, "id": "CVE-2019-19481-aa771868", "signature_version": "v1", "digest": { "length": 1216.0, "function_hash": "172535176475497180497442667315780321309" }, "source": "https://github.com/opensc/opensc/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278", "deprecated": false, "signature_type": "Function" }, { "target": { "file": "src/libopensc/card-cac1.c" }, "id": "CVE-2019-19481-b7662d5f", "signature_version": "v1", "digest": { "line_hashes": [ "111373285869590301901788120333576930100", "77698511683037410575331158082653756719", "273616107659295731614926021083627764066", "334827262301003682911591777866694837779", "35167700645591702568842934822718756163", "167916283527506075229918457864510764679", "160637723847752232309012385792564332546", "67766559596816410963586224821672125746", "161170193942755711454602625320675028848", "256643953941796997051543871300579042697", "33270032802398029811089922548528544589", "82441505421696923204806749368486025678", "292129794305514931969203314138896501785", "236733298990358685809239477618104150189", "114860608003072413783369965954260825910", "217391383372655397584067361156904254766", "136231979249826060844140870900669231875", "8071045375367627834132348254841800521" ], "threshold": 0.9 }, "source": "https://github.com/opensc/opensc/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278", "deprecated": false, "signature_type": "Line" } ] }