opensc: Fix CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun
vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply
a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package
function scans the ASN1 buffer for 2 tags, where remaining length is wrongly
caculated due to moved starting pointer. This leads to possible heap-based buffer
oob read. In cases where ASAN is enabled while compiling this causes a crash.
Further info leak or more damage is possible.

Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

0 files changed, 0 insertions, 0 deletions