CVE-2023-2977

NameCVE-2023-2977
DescriptionA vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3463-1
Debian Bugs1037021

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opensc (PTS)buster0.19.0-1+deb10u1vulnerable
buster (security)0.19.0-1+deb10u3fixed
bullseye0.21.0-1vulnerable
bookworm0.23.0-0.3+deb12u1fixed
sid, trixie0.25.0~rc1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openscsourcebuster0.19.0-1+deb10u2DLA-3463-1
openscsource(unstable)0.23.0-0.31037021

Notes

[bullseye] - opensc <no-dsa> (Minor issue)
https://github.com/OpenSC/OpenSC/issues/2785
https://github.com/OpenSC/OpenSC/pull/2787
Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a
Search for package or bug name: Reporting problems