Vulnerability Name:

CVE-2018-16425 (CCN-148362)

Assigned:2018-08-14
Published:2018-08-14
Updated:2019-09-11
Summary:A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS v3 Severity:6.6 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-415
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-16425

Source: CCN
Type: BugTraq Mailing List, Tue, 14 Aug 2018 15:42:49 +0200
X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC

Source: XF
Type: UNKNOWN
opensc-cve201816425-dos(148362)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5

Source: MISC
Type: Patch, Release Notes, Third Party Advisory
https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1

Source: CCN
Type: OpenSC GIT Repository
OpenSC

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20190911 [SECURITY] [DLA 1916-1] opensc security update

Source: MISC
Type: Exploit, Third Party Advisory
https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opensc-project:opensc:*:*:*:*:*:*:*:* (Version <= 0.18.0)

  • Configuration CCN 1:
  • cpe:/a:opensc_project:opensc:0.18.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:201816425
    V
    CVE-2018-16425
    2023-06-22
    oval:org.opensuse.security:def:7724
    P
    opensc-0.22.0-150400.1.7 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3130
    P
    libSDL-1_2-0-1.2.15-15.11.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94760
    P
    opensc-0.22.0-150400.1.7 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:249
    P
    opensc-0.19.0-3.7.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:520
    P
    Security update for google-gson (Important)
    2022-06-10
    oval:org.opensuse.security:def:1178
    P
    Security update for go1.18 (Important)
    2022-06-07
    oval:org.opensuse.security:def:113061
    P
    opensc-0.21.0-2.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:840
    P
    Security update for permissions (Moderate)
    2021-12-28
    oval:org.opensuse.security:def:106501
    P
    opensc-0.21.0-2.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:69932
    P
    Security update for ffmpeg (Important)
    2021-09-23
    oval:org.opensuse.security:def:71350
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:103419
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:96729
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:89764
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:61609
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:1261
    P
    Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)
    2021-08-17
    oval:org.opensuse.security:def:47502
    P
    squashfs-4.3-6.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47779
    P
    libruby2_1-2_1-2.1.9-18.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47742
    P
    libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47914
    P
    vorbis-tools-1.4.0-26.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47041
    P
    liblcms1-1.19-17.28 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48040
    P
    gzip-1.10-2.12 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48239
    P
    mariadb-10.2.25-3.19.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47056
    P
    libopenssl-devel-1.0.2j-55.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48167
    P
    libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47370
    P
    libldb1-1.1.29-1.13 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47778
    P
    librelp0-1.2.12-3.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48269
    P
    perl-Tk-804.031-5.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47594
    P
    dnsmasq-2.78-18.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47793
    P
    libtag1-1.9.1-1.218 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47956
    P
    audiofile-0.3.6-11.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48107
    P
    libevent-2_0-5-2.0.21-6.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47042
    P
    libldap-2_4-2-2.4.41-18.25.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48102
    P
    libcroco-0_6-3-0.6.11-12.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48331
    P
    unrar-5.0.14-3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47177
    P
    wireshark-1.12.13-31.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48198
    P
    libsqlite3-0-3.8.10.2-9.12.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:62267
    P
    opensc-0.19.0-3.7.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72008
    P
    opensc-0.19.0-3.7.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:1899
    P
    ant-1.10.7-4.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101025
    P
    opensc-0.19.0-3.7.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:67767
    P
    Security update for the Linux Kernel (Live Patch 22 for SLE 15) (Important)
    2021-06-18
    oval:org.opensuse.security:def:71007
    P
    libpcre2-16-0-10.31-1.14 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48839
    P
    gstreamer-0_10-plugins-bad-0.10.23-25.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:71120
    P
    wget-1.19.5-1.8 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48907
    P
    gnome-shell-calendar-3.20.4-77.17.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48935
    P
    libnewt0_52-0.52.16-1.83 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48479
    P
    libXxf86vm1-1.1.3-3.53 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48777
    P
    gstreamer-0_10-plugins-bad-0.10.23-20.51 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48904
    P
    gegl-0_2-0.2.0-14.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48961
    P
    pulseaudio-module-bluetooth-5.0-4.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48693
    P
    libreoffice-4.3.1.2-3.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:69827
    P
    Security update for open-iscsi (Important)
    2021-04-13
    oval:org.opensuse.security:def:100609
    P
    (Important)
    2021-01-20
    oval:org.opensuse.security:def:116833
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:93896
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61929
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:71670
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107275
    P
    opensc-0.19.0-1.14 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:49006
    P
    libatalk12-3.1.0-3.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:49281
    P
    opensc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64333
    P
    libidn2-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50336
    P
    Security update for opensc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66484
    P
    liblz4-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73149
    P
    libcroco on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73267
    P
    opensc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49227
    P
    librsync-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64420
    P
    opensc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67667
    P
    libcolord2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50282
    P
    Security update for sssd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66576
    P
    opensc on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.xenial:def:2018164250000000
    V
    CVE-2018-16425 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-09-04
    oval:com.ubuntu.disco:def:2018164250000000
    V
    CVE-2018-16425 on Ubuntu 19.04 (disco) - medium.
    2018-09-04
    oval:com.ubuntu.bionic:def:2018164250000000
    V
    CVE-2018-16425 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-09-04
    oval:com.ubuntu.bionic:def:201816425000
    V
    CVE-2018-16425 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-09-03
    oval:com.ubuntu.cosmic:def:201816425000
    V
    CVE-2018-16425 on Ubuntu 18.10 (cosmic) - medium.
    2018-09-03
    oval:com.ubuntu.cosmic:def:2018164250000000
    V
    CVE-2018-16425 on Ubuntu 18.10 (cosmic) - medium.
    2018-09-03
    oval:com.ubuntu.trusty:def:201816425000
    V
    CVE-2018-16425 on Ubuntu 14.04 LTS (trusty) - medium.
    2018-09-03
    oval:com.ubuntu.xenial:def:201816425000
    V
    CVE-2018-16425 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-09-03
    BACK
    opensc-project opensc *
    opensc_project opensc 0.18.0