kumquat-buildroot/package/opensc
Fabrice Fontaine 9c4c3c4c9c package/opensc: fix CVE-2023-2977
A vulnerability was found in OpenSC. This security flaw cause a buffer
overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The
attacker can supply a smart card package with malformed ASN1 context.
The cardos_have_verifyrc_package function scans the ASN1 buffer for 2
tags, where remaining length is wrongly caculated due to moved starting
pointer. This leads to possible heap-based buffer oob read. In cases
where ASAN is enabled while compiling this causes a crash. Further info
leak or more damage is possible.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-20 19:41:55 +02:00
..
0001-fixed-compatibility-with-LibreSSL-3.5.0.patch
0002-fixed-compatibility-with-LibreSSL-3.7.0.patch
0003-configure-add-option-to-disable-tests.patch
0004-pkcs15init-correct-left-length-calculation-to-fix-buffer-overrun-bug.patch package/opensc: fix CVE-2023-2977 2023-09-20 19:41:55 +02:00
Config.in
opensc.hash
opensc.mk package/opensc: fix CVE-2023-2977 2023-09-20 19:41:55 +02:00