Candidate: CVE-2019-19481
PublicDate: 2019-12-01 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19481
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
 https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278
Description:
 An issue was discovered in OpenSC through 0.19.0 and 0.20.x through
 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC
 certificates.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [4.6 MEDIUM]


Patches_opensc:
upstream_opensc: released (0.19.0~rc1-1)
precise/esm_opensc: DNE
trusty_opensc: ignored (out of standard support)
trusty/esm_opensc: DNE
xenial_opensc: not-affected (code not present)
bionic_opensc: needed
disco_opensc: not-affected (0.19.0-1build1)
eoan_opensc: not-affected (0.19.0-2)
focal_opensc: not-affected (0.20.0-1)
groovy_opensc: not-affected (0.20.0-1)
hirsute_opensc: not-affected (0.20.0-1)
impish_opensc: not-affected (0.20.0-1)
jammy_opensc: not-affected (0.20.0-1)
devel_opensc: not-affected (0.20.0-1)