Candidate: CVE-2019-15946
PublicDate: 2019-09-05 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15946
 https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
 https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4
Description:
 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet
 string in asn1_decode_entry in libopensc/asn1.c.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939669
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [6.4 MEDIUM]


Patches_opensc:
 upstream: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
upstream_opensc: released (0.16.0-3+deb8u1)
precise/esm_opensc: DNE
trusty_opensc: ignored (out of standard support)
trusty/esm_opensc: DNE
xenial_opensc: ignored (end of standard support, was needed)
bionic_opensc: needed
disco_opensc: ignored (reached end-of-life)
eoan_opensc: ignored (reached end-of-life)
focal_opensc: not-affected (0.20.0-1)
groovy_opensc: not-affected (0.20.0-1)
hirsute_opensc: not-affected (0.20.0-1)
impish_opensc: not-affected (0.20.0-1)
jammy_opensc: not-affected (0.20.0-1)
devel_opensc: not-affected (0.20.0-1)