opensc: Fix CVE-2023-2977 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya <soumya.sambu@windriver.com>	2023-06-27 11:32:21 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-07-02 11:17:33 -0400
commit	ec47660654ff144181fd5ac03da1782897b80df3 (patch)
tree	a156ed455f4a37979c45de6cb8a1604665276518 /meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
parent	0338bf0c6aba2763ea27ef6eee4d443f038b7d58 (diff)
download	meta-openembedded-ec47660654ff144181fd5ac03da1782897b80df3.tar.gz

opensc: Fix CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: