CVE-2019-15945
- Source
- https://cve.org/CVERecord?id=CVE-2019-15945
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15945.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-15945
- Downstream
- Related
- Published
- 2019-09-05T17:15:11.873Z
- Modified
- 2026-02-06T05:15:25.492116Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/
- http://www.openwall.com/lists/oss-security/2019/12/29/1
- https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
- https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4
- https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
- https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
- https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4
- http://www.openwall.com/lists/oss-security/2019/12/29/1
- https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
Affected packages
Git / github.com/opensc/opensc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensc/opensc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.12.2
0.12.2-rc1
0.13.0
0.13.0pre1
0.13.0rc1
0.14.0
0.14.0rc2
0.14.0rtm
0.15.0
0.16.0
0.16.0-rc1
0.16.0-rc2
0.17.0
0.17.0-rc1
0.17.0-rc2
0.18.0
0.18.0-rc1
0.18.0-rc2
0.19.0
0.19.0-rc1
v0.*
v0.12.2
v0.16.0-pre1
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://github.com/opensc/opensc/commit/412a6142c27a5973c61ba540e33cdc22d5608e68",
"id": "CVE-2019-15945-5ff9212e",
"target": {
"file": "src/libopensc/asn1.c"
},
"digest": {
"line_hashes": [
"297175338200415450495469453137505148979",
"324464793528311656715900885897677107677",
"235162866907379193967776824386251535809",
"148892391738533823772808675824081347164",
"271007510155698596031020343162910857595",
"17928902979717757606177869801051367107",
"6680214412565745825158616163531721129",
"308450731521761626803739219073195203892",
"235313599250259173294102152659145129581",
"184459165867828565842888035184684183514",
"66599990226266053176047532713479330761",
"234365475496651906006414592092147041548"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/opensc/opensc/commit/412a6142c27a5973c61ba540e33cdc22d5608e68",
"id": "CVE-2019-15945-b438983c",
"target": {
"file": "src/libopensc/asn1.c",
"function": "decode_bit_string"
},
"digest": {
"function_hash": "73470549151581179276510363648036828424",
"length": 675.0
},
"signature_type": "Function",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15945.json"