| Name | CVE-2023-2977 |
| Description | A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3463-1 |
| Debian Bugs | 1037021 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| opensc (PTS) | jessie, jessie (lts) | 0.16.0-3+deb8u3 | vulnerable |
| stretch (security), stretch (lts), stretch | 0.16.0-3+deb9u2 | vulnerable |
| buster | 0.19.0-1+deb10u1 | vulnerable |
| buster (security) | 0.19.0-1+deb10u3 | fixed |
| bullseye | 0.21.0-1 | vulnerable |
| bookworm | 0.23.0-0.3+deb12u1 | fixed |
| sid, trixie | 0.25.0~rc1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| opensc | source | jessie | (unfixed) | end-of-life | | |
| opensc | source | stretch | (unfixed) | end-of-life | | |
| opensc | source | buster | 0.19.0-1+deb10u2 | | DLA-3463-1 | |
| opensc | source | (unstable) | 0.23.0-0.3 | | | 1037021 |
Notes
[bullseye] - opensc <no-dsa> (Minor issue)
https://github.com/OpenSC/OpenSC/issues/2785
https://github.com/OpenSC/OpenSC/pull/2787
Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a