CVE-2016-10109

Priority
Medium
Description
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote
attackers to cause denial of service (crash) via a command that uses
"cardsList" after the handle has been released through the
SCardReleaseContext function.
References
Assigned-to
mdeslaur
Package
Upstream:released (1.8.20-1)
Ubuntu 17.10 (Artful Aardvark):released (1.8.14-1ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.7.4-2ubuntu2.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.8.10-1ubuntu1.1)
Ubuntu Core 15.04:released (1.8.11-3ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.8.14-1ubuntu1.16.04.1)
Ubuntu 17.04 (Zesty Zapus):released (1.8.14-1ubuntu2)
Patches:
Upstream:https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
Upstream:https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
More Information

Updated: 2017-09-28 22:14:37 UTC (commit 13419)