Vulnerability Details CVE-2019-20792
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.4%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.6
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
- https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
- https://github.com/OpenSC/OpenSC/compare/0.19.0...0.20.0
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
- https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
- https://github.com/OpenSC/OpenSC/compare/0.19.0...0.20.0
Products affected by CVE-2019-20792
-
cpe:2.3:a:opensc_project:opensc:0.12.2
-
cpe:2.3:a:opensc_project:opensc:0.13.0
-
cpe:2.3:a:opensc_project:opensc:0.14.0
-
cpe:2.3:a:opensc_project:opensc:0.15.0
-
cpe:2.3:a:opensc_project:opensc:0.16.0
-
cpe:2.3:a:opensc_project:opensc:0.17.0
-
cpe:2.3:a:opensc_project:opensc:0.18.0
-
cpe:2.3:a:opensc_project:opensc:0.19.0
-
cpe:2.3:a:opensc_project:opensc:0.2.0
-
cpe:2.3:a:opensc_project:opensc:0.3.0
-
cpe:2.3:a:opensc_project:opensc:0.3.1