home-assistant
/
buildroot
mirror of https://github.com/home-assistant/buildroot.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
buildroot/package/opensc
History
Fabrice Fontaine 6c7e79cca3 package/opensc: fix CVE-2023-2977 
A vulnerability was found in OpenSC. This security flaw cause a buffer
overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The
attacker can supply a smart card package with malformed ASN1 context.
The cardos_have_verifyrc_package function scans the ASN1 buffer for 2
tags, where remaining length is wrongly caculated due to moved starting
pointer. This leads to possible heap-based buffer oob read. In cases
where ASAN is enabled while compiling this causes a crash. Further info
leak or more damage is possible.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9c4c3c4c9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2023-09-25 09:33:45 +02:00
..
0001-fixed-compatibility-with-LibreSSL-3.5.0.patch
0002-fixed-compatibility-with-LibreSSL-3.7.0.patch
0003-configure-add-option-to-disable-tests.patch
0004-pkcs15init-correct-left-length-calculation-to-fix-buffer-overrun-bug.patch package/opensc: fix CVE-2023-2977 2023-09-25 09:33:45 +02:00
Config.in
opensc.hash
opensc.mk package/opensc: fix CVE-2023-2977 2023-09-25 09:33:45 +02:00