Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10109 | 2 Canonical, Muscle | 2 Ubuntu Linux, Pcsc-lite | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. | |||||
CVE-2009-4902 | 1 Muscle | 1 Pcsc-lite | 2024-02-04 | 6.8 MEDIUM | N/A |
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407. | |||||
CVE-2009-4901 | 1 Muscle | 1 Pcsc-lite | 2024-02-04 | 2.1 LOW | N/A |
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. | |||||
CVE-2010-4530 | 1 Muscle | 1 Pcsc-lite | 2024-02-04 | 4.4 MEDIUM | N/A |
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. | |||||
CVE-2010-4531 | 1 Muscle | 1 Pcsc-lite | 2024-02-04 | 4.4 MEDIUM | N/A |
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value. | |||||
CVE-2010-0407 | 1 Muscle | 1 Pcsc-lite | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled. |