CVE-2018-16418
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-16418
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16418.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-16418
- Downstream
- Related
- Published
- 2018-09-04T00:29:00Z
- Modified
- 2025-10-21T04:31:30.562784Z
- Severity
-
- 6.6 (Medium) CVSS_V3 - CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A buffer overflow when handling string concatenation in utilaclto_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
- References
-
- https://access.redhat.com/errata/RHSA-2019:2154
- https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-628c8445c4e7ae92bbc4be08ba11a4c3
- https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1
- https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
- https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
Affected packages
Git / github.com/opensc/opensc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensc/opensc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.12.2
0.12.2-rc1
0.13.0
0.13.0pre1
0.13.0rc1
0.14.0
0.14.0rc2
0.14.0rtm
0.15.0
0.16.0
0.16.0-rc1
0.16.0-rc2
0.17.0
0.17.0-rc1
0.17.0-rc2
0.18.0
0.18.0-rc1
0.18.0-rc2
v0.*
v0.12.2
v0.16.0-pre1
Database specific
vanir_signatures
[
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "util_acl_to_str",
"file": "src/tools/util.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "271210299797610273157981141979724814179",
"length": 1384.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-0b99bc9e"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/card-tcos.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"233481318598077239565688734290162833015",
"97939052609524587507400894812109442123",
"204087041383039004585492653448018035520",
"131445439589440703229908460382952763572",
"278834472465471595746656920320176494705",
"139222638798623248043302620018254649039",
"175896651905048379003378018399321379111",
"224505982217859260857118268338313184916",
"65206650238824587225114345289817012170"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-0c147fac"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "sc_pkcs15emu_sc_hsm_init",
"file": "src/libopensc/pkcs15-sc-hsm.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "3601200181852955403230350787482029340",
"length": 6385.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-1d16052d"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/sc.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"177921028135058265830405297954293672054",
"299996131515017520667429232285183170350",
"208610982332766045388276120179790241671",
"151360034371372479209290112909957341284"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-1e47467f"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "read_public_key",
"file": "src/tools/cryptoflex-tool.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "211357944350941154032202650742391697888",
"length": 900.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-2a2c565d"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/card-cac.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"180997872810827503776550627596057610293",
"163181184741832334222622577538376576800",
"295584529879602039420667828216198547267",
"178878409965885542681033683125132049375"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-3010659d"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/tools/egk-tool.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"60194579827802047239071052627609596123",
"336562014831331879228526401831414353461",
"64856043631244063980538676876814095534",
"215577835530444328041456047591925585022"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-376fa95f"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/card-epass2003.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"50089616092642694722495152257871806558",
"129090270381902937559966690903769976004",
"194204289983092010055155575685654392737",
"45078233133659491793302210458452893622",
"17048660723993156470457524797781597423",
"91678529902572139490964807264491437655",
"226903748607216912199596345292033996604",
"147778325612397487462815129713062729938"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-3fcffabe"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/card-muscle.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"250976598612894953921816414524457847426",
"329666269851755966857616801842498328952",
"19008280521317996949758254284125827774",
"177630364593721804175269770290181932638",
"24060003670950065524817680602091604756",
"89796380591064851615137692110354998869",
"216849173512820984644230172572648107300",
"320057497106042614487543469866971329847"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-4c1e03e7"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/tools/cryptoflex-tool.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"274547891528856582298764442486655688352",
"97810758309473749134017944501921098585",
"124309428883519806033819612118108239208",
"37541873294839517359746908680105660492",
"311258109344094285940934742868419197417",
"172944704662178634957673636699151796903",
"246803547979912446391600656798309090247",
"277510741662249105929233718888949218741",
"231468131297730207443287027598089995813",
"172944704662178634957673636699151796903"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-52ed392b"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "sc_file_set_sec_attr",
"file": "src/libopensc/sc.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "53435621884516961795550514721669502530",
"length": 602.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-54015c1f"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/pkcs15-sc-hsm.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"197179338693329959337574733795721366011",
"181499596042145963708832815578185416673",
"115686202300605459028130681808916083323",
"32469362041368729738471244151727158581",
"70975519517677111108240587619915187754",
"97564755112860652651284748958326495761",
"54722519292892086896767483020852733567",
"164698281020407393870005573215208205002"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-63c4d150"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "read_private_key",
"file": "src/tools/cryptoflex-tool.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "303959976683711236987735509196219450362",
"length": 1026.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-7bc53b8f"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "read_file",
"file": "src/tools/egk-tool.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "274405994782023040229606639159304615881",
"length": 549.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-7e6a598b"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "epass2003_sm_unwrap_apdu",
"file": "src/libopensc/card-epass2003.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "243539145408573173791081355314366755475",
"length": 854.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-893c7ffe"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "muscle_list_files",
"file": "src/libopensc/card-muscle.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "145994158574777877406945467475522326317",
"length": 642.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-b2a32803"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/tools/util.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"35700710565449482466961057702051773391",
"338848126074617841669023222188166574042",
"85193061301796843207587396052783037418",
"201328038495423799265820585956823551600",
"227092369676207675362403595507749640557",
"119207481776238519336941479755834020817",
"255421454904442896237866729116323676848"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-b34a839c"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/pkcs15-esteid.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"228609031766473617867107821980241461018",
"1017328676681920338293166622495075509",
"13781630178052024411041230002274540200",
"144901520378832140047242421204389340446"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-b7bafe9a"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "sc_pkcs15emu_esteid_init",
"file": "src/libopensc/pkcs15-esteid.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "336629111418218581493741938757605402880",
"length": 4678.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-bc480e08"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "gemsafe_get_cert_len",
"file": "src/libopensc/pkcs15-gemsafeV1.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "319333348733057023251779547878790261198",
"length": 2589.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-dc348323"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "tcos_select_file",
"file": "src/libopensc/card-tcos.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "264141390716061088029320022699475026986",
"length": 3120.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-ecaf1d1f"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "decrypt_response",
"file": "src/libopensc/card-epass2003.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "64917057538921793471670086378052155976",
"length": 1112.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-f98248a3"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"file": "src/libopensc/pkcs15-gemsafeV1.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"136893413313444237524668276446520478241",
"56761857713378916379142858959238642314",
"157439786862763906236340660357414583763",
"122716676019555905785832020813798376114"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-16418-fac32456"
},
{
"source": "https://github.com/opensc/opensc/commit/360e95d45ac4123255a4c796db96337f332160ad",
"target": {
"function": "cac_get_serial_nr_from_CUID",
"file": "src/libopensc/card-cac.c"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "56864691758844525895391192766386179059",
"length": 572.0
},
"signature_type": "Function",
"id": "CVE-2018-16418-fc70b896"
}
]