CVE-2019-19479

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

References

Affected packages

Git / github.com/opensc/opensc

Affected ranges

Type

GIT

Repo

https://github.com/opensc/opensc

Events

Introduced

Last affected

f1691fc91fc113191c3a8aaf5facd6983334ec47

Introduced

Last affected

12218d4b0b295d01b81c1e915282b06da438a7f1

Introduced

Last affected

eac516fd41c62fe7166c2054666267993d85cc3d

Introduced

Last affected

01678e871e4bb30dd4bde7bf8b2a63c5cddb6a11

Fixed

c3f23b836e5a1766c36617fe1da30d22f7b63de2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.19.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.20.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.20.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.20.0-rc3"
        }
    ]
}

Affected versions

0.*

0.12.2

0.12.2-rc1

0.13.0

0.13.0pre1

0.13.0rc1

0.14.0

0.14.0rc2

0.14.0rtm

0.15.0

0.16.0

0.16.0-rc1

0.16.0-rc2

0.17.0

0.17.0-rc1

0.17.0-rc2

0.18.0

0.18.0-rc1

0.18.0-rc2

0.19.0

0.19.0-rc1

0.20.0-rc1

0.20.0-rc2

0.20.0-rc3

v0.*

v0.12.2

v0.16.0-pre1

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    }
]

vanir_signatures

[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "src/libopensc/card-setcos.c"
        },
        "id": "CVE-2019-19479-6e9084bd",
        "deprecated": false,
        "source": "https://github.com/opensc/opensc/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2",
        "digest": {
            "line_hashes": [
                "312700537045446842476960619232256392914",
                "12577001211443987501834181150640691110",
                "19328322763717515580348095176242147780",
                "118003578808881612881485274894912018341"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "src/libopensc/card-setcos.c",
            "function": "parse_sec_attr_44"
        },
        "id": "CVE-2019-19479-f6e42b74",
        "deprecated": false,
        "source": "https://github.com/opensc/opensc/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2",
        "digest": {
            "function_hash": "291474278857799130683909883402632931015",
            "length": 2436.0
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19479.json"