Detections
Analytics

CVE-2010-4523

medium

Description

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.

References

https://www.opensc-project.org/opensc/changeset/4913

https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2011/0109

http://www.vupen.com/english/advisories/2011/0009

http://www.securityfocus.com/bid/45435

http://www.mandriva.com/security/advisories?name=MDVSA-2011:011

http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html

http://secunia.com/advisories/43068

http://secunia.com/advisories/42807

http://secunia.com/advisories/42658

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html

Details

Source: Mitre, NVD

Published: 2011-01-07

Updated: 2011-02-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Medium