ID CVE-2019-20792
Summary OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
References
Vulnerable Configurations
  • cpe:2.3:a:opensc_project:opensc:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.12.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:prerelease1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.14.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.14.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease3:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:prerelease1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.19.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.19.0:rc1:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 26-05-2020 - 16:51)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
Vector LOCAL
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1837946
title CVE-2019-20792 opensc: Double free in coolkey_free_private_data in libopensc/card-coolkey.c
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment opensc is earlier than 0:0.20.0-2.el8
          oval oval:com.redhat.rhsa:tst:20204483001
        • comment opensc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192154002
      • AND
        • comment opensc-debugsource is earlier than 0:0.20.0-2.el8
          oval oval:com.redhat.rhsa:tst:20204483003
        • comment opensc-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204483004
rhsa
id RHSA-2020:4483
released 2020-11-04
severity Moderate
title RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate)
rpms
  • opensc-0:0.20.0-2.el8
  • opensc-debuginfo-0:0.20.0-2.el8
  • opensc-debugsource-0:0.20.0-2.el8
refmap via4
misc
Last major update 26-05-2020 - 16:51
Published 29-04-2020 - 04:15
Last modified 26-05-2020 - 16:51