The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| muscle | pcsc-lite | 1.3.2 |
| muscle | pcsc-lite | 1.4.0 |
| muscle | pcsc-lite | 1.4.2 |
| muscle | pcsc-lite | 1.5.1 |
| muscle | pcsc-lite | 1.3.0 |
| muscle | pcsc-lite | 1.2.9 |
| muscle | pcsc-lite | 1.4.99 |
| muscle | pcsc-lite | 1.5.2 |
| muscle | pcsc-lite | 1.2.0 |
| muscle | pcsc-lite | 1.4.100 |
| muscle | pcsc-lite | 1.3.3 |
| muscle | pcsc-lite | 1.5.0 |
| muscle | pcsc-lite | 1.4.101 |
| muscle | pcsc-lite | 1.3.1 |
| muscle | pcsc-lite | 1.4.1 |
| muscle | pcsc-lite | 1.4.3 |
| muscle | pcsc-lite | 1.4.102 |
| muscle | pcsc-lite | * |
| muscle | pcsc-lite | 1.1.2 |
| muscle | pcsc-lite | 1.4.4 |
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| muscle | pcsc-lite | 1.3.2 |
| muscle | pcsc-lite | 1.4.0 |
| muscle | pcsc-lite | 1.4.2 |
| muscle | pcsc-lite | 1.5.1 |
| muscle | pcsc-lite | 1.3.0 |
| muscle | pcsc-lite | 1.2.9 |
| muscle | pcsc-lite | 1.4.99 |
| muscle | pcsc-lite | 1.5.2 |
| muscle | pcsc-lite | 1.2.0 |
| muscle | pcsc-lite | 1.4.100 |
| muscle | pcsc-lite | 1.3.3 |
| muscle | pcsc-lite | 1.5.0 |
| muscle | pcsc-lite | 1.4.101 |
| muscle | pcsc-lite | 1.3.1 |
| muscle | pcsc-lite | 1.4.1 |
| muscle | pcsc-lite | 1.4.3 |
| muscle | pcsc-lite | 1.4.102 |
| muscle | pcsc-lite | * |
| muscle | pcsc-lite | 1.1.2 |
| muscle | pcsc-lite | 1.4.4 |
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| muscle | pcsc-lite | 1.3.2 |
| muscle | pcsc-lite | 1.4.0 |
| muscle | pcsc-lite | 1.4.2 |
| muscle | pcsc-lite | 1.5.1 |
| muscle | pcsc-lite | 1.3.0 |
| muscle | pcsc-lite | 1.2.9 |
| muscle | pcsc-lite | 1.4.99 |
| muscle | pcsc-lite | 1.5.2 |
| muscle | pcsc-lite | 1.2.0 |
| muscle | pcsc-lite | 1.4.100 |
| muscle | pcsc-lite | 1.3.3 |
| muscle | pcsc-lite | 1.5.0 |
| muscle | pcsc-lite | 1.4.101 |
| muscle | pcsc-lite | 1.3.1 |
| muscle | pcsc-lite | 1.4.1 |
| muscle | pcsc-lite | 1.4.3 |
| muscle | pcsc-lite | 1.4.102 |
| muscle | pcsc-lite | * |
| muscle | pcsc-lite | 1.1.2 |
| muscle | pcsc-lite | 1.4.4 |
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| muscle | pcsc-lite | 1.5.3 |
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| muscle | pcsc-lite | 1.5.3 |
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.10 |
| canonical | ubuntu_linux | 16.04 |
| muscle | pcsc-lite | * |