OpenSC before 0.20.0 has a double free in coolkeyfreeprivatedata because coolkeyadd_object in libopensc/card-coolkey.c lacks a uniqueness check.
[ { "signature_type": "Line", "id": "CVE-2019-20792-3c6d3c4a", "source": "https://github.com/opensc/opensc/commit/c246f6f69a749d4f68626b40795a4f69168008f4", "signature_version": "v1", "target": { "file": "src/libopensc/card-coolkey.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "230985030794508757992760968719559967350", "310435344726459438381937301013045244530", "288673917574911987998876666203952460375" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2019-20792-f5fba478", "source": "https://github.com/opensc/opensc/commit/c246f6f69a749d4f68626b40795a4f69168008f4", "signature_version": "v1", "target": { "function": "coolkey_add_object", "file": "src/libopensc/card-coolkey.c" }, "digest": { "function_hash": "81983556100758335818887154183925867305", "length": 716.0 }, "deprecated": false } ]