Vulnerability CVE-2021-42780

Vulnerability Name:

CVE-2021-42780 (CCN-224786)

Assigned:

2021-10-21

Published:

2021-10-21

Updated:

2023-06-21

Summary:

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

2.0 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
1.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Physical Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-42780

Source: secalert@redhat.com
Type: Issue Tracking, Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla - Bug 2016139
(CVE-2021-42780) - CVE-2021-42780 opensc: Use after return in insert_pin function

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
opensc-cve202142780-dos(224786)

Source: CCN
Type: OpenSC GIT Repository
OpenSC

Source: CCN
Type: OpenSC GIT Repository
tcos: Check bounds in insert_pin()

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-42780

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:opensc_project:opensc:0.21.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7724	P	opensc-0.22.0-150400.1.7 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51974	P	Security update for cni-plugins (Important)	2022-12-20
oval:org.opensuse.security:def:3130	P	libSDL-1_2-0-1.2.15-15.11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94760	P	opensc-0.22.0-150400.1.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:851	P	Security update for opensc (Important)	2022-04-12
oval:org.opensuse.security:def:119054	P	Security update for opensc (Important)	2022-04-12
oval:org.opensuse.security:def:42262	P	Security update for opensc (Important)	2022-04-12
oval:org.opensuse.security:def:101582	P	Security update for opensc (Important)	2022-04-12
oval:org.opensuse.security:def:113062	P	opensc-0.22.0-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:127183	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:33732	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:29439	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:86674	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:82646	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:57117	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:45078	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:31697	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:89210	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:41626	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:84686	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:59555	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:55262	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:33990	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:30141	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:87498	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:38258	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:83348	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:57520	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:46056	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:125619	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:32210	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:89468	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:23696	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:85758	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:59813	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:55964	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:34581	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:30261	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:88209	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:39271	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:83468	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:58033	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:51684	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:126786	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:33034	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:23986	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:86161	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:60404	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:56084	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:43701	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:31294	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:88526	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:40648	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:84228	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:58857	P	Security update for opensc (Important)	2021-10-29

BACK