ID CVE-2016-10109
Summary Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
References
Vulnerable Configurations
  • cpe:2.3:a:muscle:pcsc-lite:*:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
CVSS
Base: 5.0 (as of 29-06-2021 - 15:15)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 95263
confirm https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22
debian DSA-3752
gentoo GLSA-201702-01
mlist
  • [oss-security] 20170103 Re: CVE Request: pcsc-lite use-after-free and double-free
  • [pcsclite-muscle] 20161226 New pcsc-lite 1.8.20
ubuntu USN-3176-1
Last major update 29-06-2021 - 15:15
Published 23-02-2017 - 20:59
Last modified 29-06-2021 - 15:15