 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2025.7346.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-7346-1) |
| Summary: | The remote host is missing an update for the 'opensc' package(s) announced via the USN-7346-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'opensc' package(s) announced via the USN-7346-1 advisory. Vulnerability Insight: It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780) It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-42782) It was discovered that OpenSC did not correctly handle the length of certain buffers, which could lead to a out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-2977) Deepanjan Pal discovered that OpenSC did not correctly authenticate a zero length PIN. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-40660) It was discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to compromise key generation, certificate loading and other card management operations. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-40661) Hubert Kario, Michal Shagam and Eyal Ronen discovered that OpenSC had a timing side-channel and incorrectly handled RSA padding. An attacker could possibly use this issue to recover sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-5992) Matteo Marini discovered that OpenSC did not properly manage memory due to certain uninitialized variables. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-45615) Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-45616, CVE-2024-45617) Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. (CVE-2024-45618, CVE-2024-45620) Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'opensc' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-42780 https://security.gentoo.org/glsa/202209-03 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 https://bugzilla.redhat.com/show_bug.cgi?id=2016139 https://github.com/OpenSC/OpenSC/commit/5df913b7 https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2021-42782 https://bugzilla.redhat.com/show_bug.cgi?id=2016448 https://github.com/OpenSC/OpenSC/commit/1252aca9 https://github.com/OpenSC/OpenSC/commit/456ac566 https://github.com/OpenSC/OpenSC/commit/7114fb71 https://github.com/OpenSC/OpenSC/commit/78cdab94 https://github.com/OpenSC/OpenSC/commit/ae1cf0be Common Vulnerability Exposure (CVE) ID: CVE-2023-2977 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAR54OV6EHA56B4XJF6RNPQ4HJ2ITU66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJD4Q4AJSGE5UIJI7OUYZY4HGGCVYQNI/ https://access.redhat.com/security/cve/CVE-2023-2977 https://bugzilla.redhat.com/show_bug.cgi?id=2211088 https://github.com/OpenSC/OpenSC/issues/2785 https://github.com/OpenSC/OpenSC/pull/2787 Common Vulnerability Exposure (CVE) ID: CVE-2023-40660 RHBZ#2240912 https://bugzilla.redhat.com/show_bug.cgi?id=2240912 RHSA-2023:7876 https://access.redhat.com/errata/RHSA-2023:7876 RHSA-2023:7879 https://access.redhat.com/errata/RHSA-2023:7879 http://www.openwall.com/lists/oss-security/2023/12/13/2 https://access.redhat.com/security/cve/CVE-2023-40660 https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/ Common Vulnerability Exposure (CVE) ID: CVE-2023-40661 RHBZ#2240913 https://bugzilla.redhat.com/show_bug.cgi?id=2240913 http://www.openwall.com/lists/oss-security/2023/12/13/3 https://access.redhat.com/security/cve/CVE-2023-40661 Common Vulnerability Exposure (CVE) ID: CVE-2023-5992 RHBZ#2248685 https://bugzilla.redhat.com/show_bug.cgi?id=2248685 RHSA-2024:0966 https://access.redhat.com/errata/RHSA-2024:0966 RHSA-2024:0967 https://access.redhat.com/errata/RHSA-2024:0967 https://access.redhat.com/security/cve/CVE-2023-5992 https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ Common Vulnerability Exposure (CVE) ID: CVE-2024-45615 Common Vulnerability Exposure (CVE) ID: CVE-2024-45616 Common Vulnerability Exposure (CVE) ID: CVE-2024-45617 Common Vulnerability Exposure (CVE) ID: CVE-2024-45618 Common Vulnerability Exposure (CVE) ID: CVE-2024-45619 Common Vulnerability Exposure (CVE) ID: CVE-2024-45620 Common Vulnerability Exposure (CVE) ID: CVE-2024-8443 |
| Copyright | Copyright (C) 2025 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |