N/A

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

N/A

内存缓冲区边界内操作的限制不恰当

OpenSC 缓冲区错误漏洞

OpenSC是一款开源的智能卡工具和中间件。 OpenSC存在安全漏洞，该漏洞源于缓冲区溢出，攻击者利用该漏洞可以进行堆的缓冲区越权读取。

N/A

N/A