Vulnerabilities related to muscle - pcsc-lite
cve-2010-0407
Vulnerability from cvelistv5
Published
2010-06-18 16:00
Modified
2024-08-07 00:45
Severity ?
Summary
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40758"
          },
          {
            "name": "DSA-2059",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
          },
          {
            "name": "40239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40239"
          },
          {
            "name": "FEDORA-2010-10764",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
          },
          {
            "name": "40140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40140"
          },
          {
            "name": "SUSE-SR:2010:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
          },
          {
            "name": "ADV-2010-1427",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1427"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
          },
          {
            "name": "FEDORA-2010-9995",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
          },
          {
            "name": "ADV-2010-1508",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
          },
          {
            "name": "FEDORA-2010-10014",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "40758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40758"
        },
        {
          "name": "DSA-2059",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
        },
        {
          "name": "40239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40239"
        },
        {
          "name": "FEDORA-2010-10764",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
        },
        {
          "name": "40140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40140"
        },
        {
          "name": "SUSE-SR:2010:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
        },
        {
          "name": "ADV-2010-1427",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1427"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
        },
        {
          "name": "FEDORA-2010-9995",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
        },
        {
          "name": "ADV-2010-1508",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "name": "FEDORA-2010-10014",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40758"
            },
            {
              "name": "DSA-2059",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2059"
            },
            {
              "name": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208",
              "refsource": "CONFIRM",
              "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
            },
            {
              "name": "40239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40239"
            },
            {
              "name": "FEDORA-2010-10764",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
            },
            {
              "name": "40140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40140"
            },
            {
              "name": "SUSE-SR:2010:017",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
            },
            {
              "name": "ADV-2010-1427",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1427"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
            },
            {
              "name": "FEDORA-2010-9995",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
            },
            {
              "name": "ADV-2010-1508",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1508"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596426",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
            },
            {
              "name": "FEDORA-2010-10014",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0407",
    "datePublished": "2010-06-18T16:00:00",
    "dateReserved": "2010-01-27T00:00:00",
    "dateUpdated": "2024-08-07T00:45:12.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4531
Vulnerability from cvelistv5
Published
2011-01-18 17:00
Modified
2024-08-07 03:51
Severity ?
Summary
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html — vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0180 — vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html — vendor-advisory, x_refsource_FEDORA
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf — x_refsource_MISC
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 — x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2010/12/22/7 — mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531 — x_refsource_CONFIRM
http://secunia.com/advisories/42912 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0256 — vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0101 — vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/3264 — vdb-entry, x_refsource_VUPEN
http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html — mailing-list, x_refsource_MLIST
http://secunia.com/advisories/43112 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/45450 — vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2011/01/03/3 — mailing-list, x_refsource_MLIST
http://www.debian.org/security/2011/dsa-2156 — vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:015 — vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:51:17.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-0123",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html"
          },
          {
            "name": "ADV-2011-0180",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0180"
          },
          {
            "name": "FEDORA-2011-0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781"
          },
          {
            "name": "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531"
          },
          {
            "name": "42912",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42912"
          },
          {
            "name": "ADV-2011-0256",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0256"
          },
          {
            "name": "ADV-2011-0101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0101"
          },
          {
            "name": "ADV-2010-3264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3264"
          },
          {
            "name": "[Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html"
          },
          {
            "name": "43112",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43112"
          },
          {
            "name": "45450",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45450"
          },
          {
            "name": "[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
          },
          {
            "name": "DSA-2156",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2156"
          },
          {
            "name": "MDVSA-2011:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-01-22T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-0123",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html"
        },
        {
          "name": "ADV-2011-0180",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0180"
        },
        {
          "name": "FEDORA-2011-0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781"
        },
        {
          "name": "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531"
        },
        {
          "name": "42912",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42912"
        },
        {
          "name": "ADV-2011-0256",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0256"
        },
        {
          "name": "ADV-2011-0101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0101"
        },
        {
          "name": "ADV-2010-3264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3264"
        },
        {
          "name": "[Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html"
        },
        {
          "name": "43112",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43112"
        },
        {
          "name": "45450",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45450"
        },
        {
          "name": "[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
        },
        {
          "name": "DSA-2156",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2156"
        },
        {
          "name": "MDVSA-2011:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:015"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4531",
    "datePublished": "2011-01-18T17:00:00",
    "dateReserved": "2010-12-09T00:00:00",
    "dateUpdated": "2024-08-07T03:51:17.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10109
Vulnerability from cvelistv5
Published
2017-02-23 20:00
Modified
2024-08-06 03:07
Severity ?
Summary
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:32.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201702-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-01"
          },
          {
            "name": "USN-3176-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3176-1"
          },
          {
            "name": "[pcsclite-muscle] 20161226 New pcsc-lite 1.8.20",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html"
          },
          {
            "name": "DSA-3752",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3752"
          },
          {
            "name": "95263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95263"
          },
          {
            "name": "[oss-security] 20170103 Re: CVE Request: pcsc-lite use-after-free and double-free",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/03/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses \"cardsList\" after the handle has been released through the SCardReleaseContext function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:07:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201702-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-01"
        },
        {
          "name": "USN-3176-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3176-1"
        },
        {
          "name": "[pcsclite-muscle] 20161226 New pcsc-lite 1.8.20",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html"
        },
        {
          "name": "DSA-3752",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3752"
        },
        {
          "name": "95263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95263"
        },
        {
          "name": "[oss-security] 20170103 Re: CVE Request: pcsc-lite use-after-free and double-free",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/03/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses \"cardsList\" after the handle has been released through the SCardReleaseContext function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201702-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-01"
            },
            {
              "name": "USN-3176-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3176-1"
            },
            {
              "name": "[pcsclite-muscle] 20161226 New pcsc-lite 1.8.20",
              "refsource": "MLIST",
              "url": "https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html"
            },
            {
              "name": "DSA-3752",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3752"
            },
            {
              "name": "95263",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95263"
            },
            {
              "name": "[oss-security] 20170103 Re: CVE Request: pcsc-lite use-after-free and double-free",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/03/3"
            },
            {
              "name": "https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22",
              "refsource": "CONFIRM",
              "url": "https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10109",
    "datePublished": "2017-02-23T20:00:00",
    "dateReserved": "2017-01-03T00:00:00",
    "dateUpdated": "2024-08-06T03:07:32.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4902
Vulnerability from cvelistv5
Published
2010-06-18 16:00
Modified
2024-08-07 07:17
Severity ?
Summary
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:25.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40758"
          },
          {
            "name": "DSA-2059",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2059"
          },
          {
            "name": "40239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40239"
          },
          {
            "name": "FEDORA-2010-10764",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
          },
          {
            "name": "40140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40140"
          },
          {
            "name": "ADV-2010-1427",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1427"
          },
          {
            "name": "FEDORA-2010-9995",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4334"
          },
          {
            "name": "ADV-2010-1508",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
          },
          {
            "name": "FEDORA-2010-10014",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-08-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "40758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40758"
        },
        {
          "name": "DSA-2059",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2059"
        },
        {
          "name": "40239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40239"
        },
        {
          "name": "FEDORA-2010-10764",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
        },
        {
          "name": "40140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40140"
        },
        {
          "name": "ADV-2010-1427",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1427"
        },
        {
          "name": "FEDORA-2010-9995",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4334"
        },
        {
          "name": "ADV-2010-1508",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "name": "FEDORA-2010-10014",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4902",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40758"
            },
            {
              "name": "DSA-2059",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2059"
            },
            {
              "name": "40239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40239"
            },
            {
              "name": "FEDORA-2010-10764",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
            },
            {
              "name": "40140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40140"
            },
            {
              "name": "ADV-2010-1427",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1427"
            },
            {
              "name": "FEDORA-2010-9995",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
            },
            {
              "name": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4334",
              "refsource": "CONFIRM",
              "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4334"
            },
            {
              "name": "ADV-2010-1508",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1508"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596426",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
            },
            {
              "name": "FEDORA-2010-10014",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4902",
    "datePublished": "2010-06-18T16:00:00",
    "dateReserved": "2010-06-18T00:00:00",
    "dateUpdated": "2024-08-07T07:17:25.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4530
Vulnerability from cvelistv5
Published
2011-01-18 17:00
Modified
2024-08-07 03:51
Severity ?
Summary
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:51:17.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
          },
          {
            "name": "RHSA-2013:1323",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1323.html"
          },
          {
            "name": "45806",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45806"
          },
          {
            "name": "FEDORA-2011-0143",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html"
          },
          {
            "name": "ADV-2011-0100",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0100"
          },
          {
            "name": "FEDORA-2011-0162",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html"
          },
          {
            "name": "ADV-2011-0179",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "MDVSA-2011:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:014"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664986"
          },
          {
            "name": "[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
          },
          {
            "name": "pcsclite-ccid-code-execution(64961)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64961"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow.  NOTE: some sources refer to this issue as an integer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
        },
        {
          "name": "RHSA-2013:1323",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1323.html"
        },
        {
          "name": "45806",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45806"
        },
        {
          "name": "FEDORA-2011-0143",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html"
        },
        {
          "name": "ADV-2011-0100",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0100"
        },
        {
          "name": "FEDORA-2011-0162",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html"
        },
        {
          "name": "ADV-2011-0179",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "MDVSA-2011:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:014"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664986"
        },
        {
          "name": "[oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
        },
        {
          "name": "pcsclite-ccid-code-execution(64961)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64961"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4530",
    "datePublished": "2011-01-18T17:00:00",
    "dateReserved": "2010-12-09T00:00:00",
    "dateUpdated": "2024-08-07T03:51:17.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4901
Vulnerability from cvelistv5
Published
2010-06-18 16:00
Modified
2024-08-07 07:17
Severity ?
Summary
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:25.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40758"
          },
          {
            "name": "DSA-2059",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
          },
          {
            "name": "40239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40239"
          },
          {
            "name": "40140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40140"
          },
          {
            "name": "ADV-2010-1427",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1427"
          },
          {
            "name": "FEDORA-2010-9995",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
          },
          {
            "name": "ADV-2010-1508",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
          },
          {
            "name": "FEDORA-2010-10014",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "40758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40758"
        },
        {
          "name": "DSA-2059",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
        },
        {
          "name": "40239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40239"
        },
        {
          "name": "40140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40140"
        },
        {
          "name": "ADV-2010-1427",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1427"
        },
        {
          "name": "FEDORA-2010-9995",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
        },
        {
          "name": "ADV-2010-1508",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "name": "FEDORA-2010-10014",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4901",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40758"
            },
            {
              "name": "DSA-2059",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2059"
            },
            {
              "name": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208",
              "refsource": "CONFIRM",
              "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
            },
            {
              "name": "40239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40239"
            },
            {
              "name": "40140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40140"
            },
            {
              "name": "ADV-2010-1427",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1427"
            },
            {
              "name": "FEDORA-2010-9995",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
            },
            {
              "name": "ADV-2010-1508",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1508"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596426",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
            },
            {
              "name": "FEDORA-2010-10014",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4901",
    "datePublished": "2010-06-18T16:00:00",
    "dateReserved": "2010-06-18T00:00:00",
    "dateUpdated": "2024-08-07T07:17:25.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2010-06-18 16:30
Modified
2024-11-21 01:10
Severity ?
Summary
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.
References
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
cve@mitre.org | http://secunia.com/advisories/40140 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/40239 | Vendor Advisory
cve@mitre.org | http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334
cve@mitre.org | http://www.debian.org/security/2010/dsa-2059
cve@mitre.org | http://www.securityfocus.com/bid/40758
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1427 | Vendor Advisory
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1508 | Vendor Advisory
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=596426
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40140 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40239 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2059
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/40758
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1427 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1508 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=596426



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4E5582-D9D2-46EC-BDB2-BDB2B0C4760A",
              "versionEndIncluding": "1.5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "78E8EB5C-5E71-48A8-B09B-F2644F13A3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "CAA8E0DE-C019-4633-A946-A7E175AD23B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "903F0D60-D275-47CB-93C2-EAE20466C2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "B1004154-C058-448C-9C50-ABF2174FA262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46A00763-D902-402F-BC4B-2E47B08F50D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "65D08B7A-4318-4FB8-A149-258BAC8317C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBCC7E79-FAAB-40C1-A963-45469DC2B8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AC8CEF5A-8696-453C-8E0F-EA1F60DF6A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3595AD01-5244-4848-85CD-EDCE981ED122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "EC5FBA06-86F2-4154-A075-A91CFECA0077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2F0D22D4-4132-42B1-9582-F19F906F52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "C6A4D149-3DBF-4E0F-8BAB-4BD41EF92753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9D74FC75-36ED-4F67-993D-75D75D84D0C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C1D2AB67-7DA8-489C-A41E-5E44FCF47077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "BA18C77F-A0E4-454A-B457-CBA1596EC8EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "8EB00053-2D08-413E-A99C-2F280D4C09B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "05927DD0-FF2F-4C00-8343-E2A2C0444AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "9C8EAAEE-6DA1-4BFA-B2CE-DE7326A16901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA5FBECF-7A1A-4A85-ACDB-BAFA1CBB2FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E63206-188B-411A-B922-EBF1156DF8B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CAD5268-CC5F-4A02-BDFF-781ED5F09862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B607020-8BE6-42DE-808C-D39EDF9865CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3DDB2F-0287-45AF-8D1E-50A0FBAE933A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "710CCA42-8525-4498-BA91-0B13DA7880AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FDF41-D5DF-4C46-9925-C0A2967BD2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F8E2F7-6EF7-4628-B519-A475B3B0D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B0D255-1770-4B31-B20D-D1AC28AF0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F2625B-142D-48C1-A81A-3F4F4E5753DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E8A018-D713-4A15-BDC3-F86BC3BDD5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.101:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ECC79CA-5489-49A9-8A4E-303693882E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.102:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E006C9C-49FB-465D-9C03-25AEBAAAA40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3C9309-E91A-4F9B-BFEE-DD273CB8C6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E53908-A49C-4E31-9BCE-4FD5DB78BD8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCDCD9B-27A4-4591-93AA-38A60382FF41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funci\u00f3n MSGFunctionDemarshall en winscard_svc.c en el demonio PC/SC Smart Card (tambi\u00e9n conocido como PCSCD) en MUSCLE PCSC-Lite v1.5.4 y anteriores, podr\u00eda permitir a usuarios locales ganar privilegios a trav\u00e9s de un mensaje de datos SCARD_CONTROL manipulado, que es deserializado de forma inadecuada. NOTA: esta vulnerabilidad existe debido a una correcci\u00f3n incompleta de CVE-2010-0407."
    }
  ],
  "id": "CVE-2009-4902",
  "lastModified": "2024-11-21T01:10:44.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-18T16:30:01.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4334"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2010/dsa-2059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/40758"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1427"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1508"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/40758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-01-18 18:03
Modified
2024-11-21 01:21
Severity ?
Summary
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
References
secalert@redhat.com | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.com | http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf | Patch
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html | Patch
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html | Patch
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-1323.html
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:014
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2010/12/22/7
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/01/03/3
secalert@redhat.com | http://www.securityfocus.com/bid/45806
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0100 | Vendor Advisory
secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0179
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=664986 | Patch
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/64961
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108 | http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1323.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:014
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2010/12/22/7
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/01/03/3
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45806
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0100 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0179
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=664986 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/64961
Impacted products
Vendor Product Version
muscle pcsc-lite 1.5.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80A3C82-3CCB-45C1-94A8-8AEF3BA5BF97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow.  NOTE: some sources refer to this issue as an integer overflow."
    },
    {
      "lang": "es",
      "value": "Error de signo en ccid_serial.c para libccid en el controlador USB Chip/Smart Card Interface Devices (CCID), tal como se utiliza en pcscd para PCSC-Lite v1.5.3 y posiblemente otros productos, permite a atacantes f\u00edsicamente pr\u00f3ximos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una tarjeta inteligente con un n\u00famero de serie manipulado que hace que un valor negativo pueda ser utilizado en una operaci\u00f3n memcpy, que provoca un desbordamiento de b\u00fafer. NOTA: algunas fuentes se refieren a este problema como un desbordamiento de enteros."
    }
  ],
  "id": "CVE-2010-4530",
  "lastModified": "2024-11-21T01:21:09.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-18T18:03:07.817",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1323.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:014"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/45806"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0100"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0179"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664986"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1323.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64961"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-06-18 16:30
Modified
2024-11-21 01:12
Severity ?
Summary
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
References
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
cve@mitre.org | http://secunia.com/advisories/40140 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/40239 | Vendor Advisory
cve@mitre.org | http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208
cve@mitre.org | http://www.debian.org/security/2010/dsa-2059 | Patch
cve@mitre.org | http://www.securityfocus.com/bid/40758 | Patch
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1427 | Vendor Advisory
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1508 | Vendor Advisory
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=596426 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40140 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40239 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2059 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/40758 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1427 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1508 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=596426 | Patch



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F18AEC-160C-45E7-9554-0D39336DE4EA",
              "versionEndIncluding": "1.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "78E8EB5C-5E71-48A8-B09B-F2644F13A3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "CAA8E0DE-C019-4633-A946-A7E175AD23B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "903F0D60-D275-47CB-93C2-EAE20466C2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "B1004154-C058-448C-9C50-ABF2174FA262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46A00763-D902-402F-BC4B-2E47B08F50D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "65D08B7A-4318-4FB8-A149-258BAC8317C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBCC7E79-FAAB-40C1-A963-45469DC2B8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AC8CEF5A-8696-453C-8E0F-EA1F60DF6A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3595AD01-5244-4848-85CD-EDCE981ED122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "EC5FBA06-86F2-4154-A075-A91CFECA0077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2F0D22D4-4132-42B1-9582-F19F906F52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "C6A4D149-3DBF-4E0F-8BAB-4BD41EF92753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9D74FC75-36ED-4F67-993D-75D75D84D0C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C1D2AB67-7DA8-489C-A41E-5E44FCF47077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "BA18C77F-A0E4-454A-B457-CBA1596EC8EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "8EB00053-2D08-413E-A99C-2F280D4C09B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "05927DD0-FF2F-4C00-8343-E2A2C0444AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "9C8EAAEE-6DA1-4BFA-B2CE-DE7326A16901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA5FBECF-7A1A-4A85-ACDB-BAFA1CBB2FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E63206-188B-411A-B922-EBF1156DF8B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CAD5268-CC5F-4A02-BDFF-781ED5F09862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B607020-8BE6-42DE-808C-D39EDF9865CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3DDB2F-0287-45AF-8D1E-50A0FBAE933A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "710CCA42-8525-4498-BA91-0B13DA7880AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FDF41-D5DF-4C46-9925-C0A2967BD2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F8E2F7-6EF7-4628-B519-A475B3B0D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B0D255-1770-4B31-B20D-D1AC28AF0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F2625B-142D-48C1-A81A-3F4F4E5753DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E8A018-D713-4A15-BDC3-F86BC3BDD5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.101:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ECC79CA-5489-49A9-8A4E-303693882E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.102:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E006C9C-49FB-465D-9C03-25AEBAAAA40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3C9309-E91A-4F9B-BFEE-DD273CB8C6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E53908-A49C-4E31-9BCE-4FD5DB78BD8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCDCD9B-27A4-4591-93AA-38A60382FF41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled."
    },
    {
      "lang": "es",
      "value": "M\u00faltiple desbordamiento de b\u00fafer en la funci\u00f3n MSGFunctionDemarshall en winscard_svc.c en el demonio PC/SC Smart Card (tambi\u00e9n conocido como PCSCD) en MUSCLE PCSC-Lite anteriores a v1.5.4, permite a usuarios locales obtener privilegios a trav\u00e9s de los datos de un mensaje manipulados, que es deserializado de forma inadecuada."
    }
  ],
  "id": "CVE-2010-0407",
  "lastModified": "2024-11-21T01:12:09.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-18T16:30:01.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2059"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40758"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1427"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1508"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-23 20:59
Modified
2024-11-21 02:43
Summary
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
References
cve@mitre.org http://www.debian.org/security/2017/dsa-3752
cve@mitre.org http://www.openwall.com/lists/oss-security/2017/01/03/3 [Mailing List, Third Party Advisory]
cve@mitre.org http://www.securityfocus.com/bid/95263
cve@mitre.org http://www.ubuntu.com/usn/USN-3176-1 [Third Party Advisory]
cve@mitre.org https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html [Vendor Advisory]
cve@mitre.org https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.org https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22
cve@mitre.org https://security.gentoo.org/glsa/201702-01
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2017/dsa-3752
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2017/01/03/3 [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/95263
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-3176-1 [Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108 https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201702-01
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C54649-BEE7-4A63-A0E5-CC91D5B573F7",
              "versionEndIncluding": "1.8.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses \"cardsList\" after the handle has been released through the SCardReleaseContext function."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en pcsc-lite en versiones anteriores a 1.8.20 permite a atacantes remotos provocar denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un comando que utiliza \"cardsList\" despu\u00e9s de que el manejo haya sido lanzado a trav\u00e9s de la funci\u00f3n SCardReleaseContext."
    }
  ],
  "id": "CVE-2016-10109",
  "lastModified": "2024-11-21T02:43:19.617",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-23T20:59:00.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2017/dsa-3752"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/01/03/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/95263"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3176-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201702-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2017/dsa-3752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/01/03/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3176-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201702-01"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-01-18 18:03
Modified
2024-11-21 01:21
Severity ?
Summary
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
References
secalert@redhat.com http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 [Patch]
secalert@redhat.com http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf [Patch]
secalert@redhat.com http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html [Patch]
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html
secalert@redhat.com http://secunia.com/advisories/42912 [Vendor Advisory]
secalert@redhat.com http://secunia.com/advisories/43112
secalert@redhat.com http://www.debian.org/security/2011/dsa-2156
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:015
secalert@redhat.com http://www.openwall.com/lists/oss-security/2010/12/22/7 [Patch]
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/01/03/3 [Patch]
secalert@redhat.com http://www.securityfocus.com/bid/45450
secalert@redhat.com http://www.vupen.com/english/advisories/2010/3264 [Vendor Advisory]
secalert@redhat.com http://www.vupen.com/english/advisories/2011/0101 [Vendor Advisory]
secalert@redhat.com http://www.vupen.com/english/advisories/2011/0180
secalert@redhat.com http://www.vupen.com/english/advisories/2011/0256
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531 [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/42912 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/43112
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2011/dsa-2156
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2011:015
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2010/12/22/7 [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/01/03/3 [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/45450
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/3264 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0101 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0180
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0256
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531 [Patch]
Impacted products
Vendor Product Version
muscle pcsc-lite 1.5.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80A3C82-3CCB-45C1-94A8-8AEF3BA5BF97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n ATRDecodeAtr en el manejador de respuesta al reinicio \"Answer-to-Reset (ATR)\" (atrhandler.c) para pcscd en PCSC-Lite v1.5.3, y posiblemente otras versiones v1.5.x o v1.6.x, permite a atacantes f\u00edsicamente cercanos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una tarjeta inteligente con un mensaje de ATR que contiene un valor de atributo de largo."
    }
  ],
  "id": "CVE-2010-4531",
  "lastModified": "2024-11-21T01:21:09.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-18T18:03:07.970",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42912"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43112"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2156"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:015"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/45450"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3264"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0101"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0180"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0256"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/12/22/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/01/03/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-06-18 16:30
Modified
2024-11-21 01:10
Severity ?
Summary
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
References
cve@mitre.org  http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
cve@mitre.org  http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
cve@mitre.org  http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
cve@mitre.org  http://secunia.com/advisories/40140  [Vendor Advisory]
cve@mitre.org  http://secunia.com/advisories/40239  [Vendor Advisory]
cve@mitre.org  http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208
cve@mitre.org  http://www.debian.org/security/2010/dsa-2059  [Patch]
cve@mitre.org  http://www.securityfocus.com/bid/40758  [Patch]
cve@mitre.org  http://www.vupen.com/english/advisories/2010/1427  [Vendor Advisory]
cve@mitre.org  http://www.vupen.com/english/advisories/2010/1508  [Vendor Advisory]
cve@mitre.org  https://bugzilla.redhat.com/show_bug.cgi?id=596426  [Patch]
af854a3a-2127-422b-91ae-364da2661108  http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108  http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html
af854a3a-2127-422b-91ae-364da2661108  http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html
af854a3a-2127-422b-91ae-364da2661108  http://secunia.com/advisories/40140  [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://secunia.com/advisories/40239  [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208
af854a3a-2127-422b-91ae-364da2661108  http://www.debian.org/security/2010/dsa-2059  [Patch]
af854a3a-2127-422b-91ae-364da2661108  http://www.securityfocus.com/bid/40758  [Patch]
af854a3a-2127-422b-91ae-364da2661108  http://www.vupen.com/english/advisories/2010/1427  [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://www.vupen.com/english/advisories/2010/1508  [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108  https://bugzilla.redhat.com/show_bug.cgi?id=596426  [Patch]



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F18AEC-160C-45E7-9554-0D39336DE4EA",
              "versionEndIncluding": "1.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "78E8EB5C-5E71-48A8-B09B-F2644F13A3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "CAA8E0DE-C019-4633-A946-A7E175AD23B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "903F0D60-D275-47CB-93C2-EAE20466C2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.1.2:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "B1004154-C058-448C-9C50-ABF2174FA262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46A00763-D902-402F-BC4B-2E47B08F50D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "65D08B7A-4318-4FB8-A149-258BAC8317C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBCC7E79-FAAB-40C1-A963-45469DC2B8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AC8CEF5A-8696-453C-8E0F-EA1F60DF6A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3595AD01-5244-4848-85CD-EDCE981ED122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "EC5FBA06-86F2-4154-A075-A91CFECA0077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2F0D22D4-4132-42B1-9582-F19F906F52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "C6A4D149-3DBF-4E0F-8BAB-4BD41EF92753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9D74FC75-36ED-4F67-993D-75D75D84D0C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C1D2AB67-7DA8-489C-A41E-5E44FCF47077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "BA18C77F-A0E4-454A-B457-CBA1596EC8EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "8EB00053-2D08-413E-A99C-2F280D4C09B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "05927DD0-FF2F-4C00-8343-E2A2C0444AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.2.9:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "9C8EAAEE-6DA1-4BFA-B2CE-DE7326A16901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA5FBECF-7A1A-4A85-ACDB-BAFA1CBB2FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E63206-188B-411A-B922-EBF1156DF8B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CAD5268-CC5F-4A02-BDFF-781ED5F09862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B607020-8BE6-42DE-808C-D39EDF9865CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3DDB2F-0287-45AF-8D1E-50A0FBAE933A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "710CCA42-8525-4498-BA91-0B13DA7880AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3FDF41-D5DF-4C46-9925-C0A2967BD2BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F8E2F7-6EF7-4628-B519-A475B3B0D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B0D255-1770-4B31-B20D-D1AC28AF0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F2625B-142D-48C1-A81A-3F4F4E5753DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E8A018-D713-4A15-BDC3-F86BC3BDD5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.101:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ECC79CA-5489-49A9-8A4E-303693882E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.4.102:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E006C9C-49FB-465D-9C03-25AEBAAAA40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3C9309-E91A-4F9B-BFEE-DD273CB8C6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E53908-A49C-4E31-9BCE-4FD5DB78BD8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:muscle:pcsc-lite:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCDCD9B-27A4-4591-93AA-38A60382FF41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n MSGFunctionDemarshall en winscard_svc.c en el demonio PC/SC Smart Card (tambi\u00e9n conocido como PCSCD) en MUSCLE PCSC-Lite anteriores a v1.5.4 podr\u00eda permitir a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un mensaje de datos SCARD_SET_ATTRIB manipulado, el cual es deserializado de forma inadecuada y provoca una sobrelectura del b\u00fafer, es diferente a CVE-2010-0407."
    }
  ],
  "id": "CVE-2009-4901",
  "lastModified": "2024-11-21T01:10:44.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-18T16:30:01.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2059"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40758"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1427"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1508"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1\u0026rev=4208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}