Possible buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package
#2785
Comments

Yes, indeed. Could you create a pull request, please? How did you find this problem? Is there some systematic/automatic process possible?

Sure, I'll make a PR on Monday.

CVE-2023-2977 was assigned for this issue.
Problem Description
On reviewing historical CVE vulnerabilities, I found a possible recurrence of CVE-2021-42782, which was reported by oss-fuzz and fixed in commit 1252aca.
The newly found issue exists in the pkcs15-init module. Like the original bug in libopensc,
cardos_have_verifyrc_package in pkcs15-cardos.c scans an ASN.1 buffer for 2 tags. The pointer p is moved after each sc_asn1_find_tag invocation, which results in a miscalculation of the length of the bytes left in the buffer and hence reading beyond the end of the buffer.
Proposed Resolution
Almost the same patch as 1252aca will do:
Reference
https://www.opencve.io/cve/CVE-2021-42782
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912
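The bug pattern the report describes, as an added example that is not OpenSC code and not the reporter's patch: a caller scans a TLV buffer for two tags, the search routine advances the caller's pointer, but the caller keeps passing the original buffer length to the second search, so the second scan's end pointer lands past the real end of the data. The `find_tag` routine below is a deliberately minimal stand-in for `sc_asn1_find_tag` (one-byte tags and lengths only), the tag values and the `backing` array are constructed for the illustration, and `scan_two_tags_vulnerable` / `scan_two_tags_fixed` are hypothetical callers that show the stale-length bug beside the corrected length bookkeeping. The constructed buffer keeps a few extra bytes after the logical response so the over-read can be observed without touching memory the program does not own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_A 0x81   /* the two tags the caller wants (hypothetical values) */
#define TAG_B 0x82

/* find_tag(): stand-in for sc_asn1_find_tag written for this example. It only
 * handles one-byte tags and one-byte lengths. It searches [buf, buf + len) for
 * `tag`, returns a pointer to the value (NULL if absent or truncated), stores
 * the value length in *taglen and points *rest just past the element. Its
 * bounds check is only as good as the `len` the caller passes in. */
static const uint8_t *find_tag(const uint8_t *buf, size_t len, uint8_t tag,
                               size_t *taglen, const uint8_t **rest)
{
    const uint8_t *p = buf, *end = buf + len;
    while (p + 2 <= end) {
        uint8_t t = p[0];
        size_t l = p[1];
        if (l > (size_t)(end - (p + 2)))
            return NULL;                    /* element exceeds what is left */
        if (t == tag) {
            *taglen = l;
            *rest = p + 2 + l;
            return p + 2;
        }
        p += 2 + l;
    }
    return NULL;
}

struct scan_result {
    const uint8_t *a; size_t a_len;         /* value of TAG_A, or NULL */
    const uint8_t *b; size_t b_len;         /* value of TAG_B, or NULL */
};

/* Buggy pattern: p is advanced by the first find, but the second find is still
 * told the full buffer length, so its end pointer lands beyond the response. */
struct scan_result scan_two_tags_vulnerable(const uint8_t *buf, size_t len)
{
    struct scan_result r = {0};
    const uint8_t *p = buf;
    r.a = find_tag(p, len, TAG_A, &r.a_len, &p);
    if (r.a != NULL)
        r.b = find_tag(p, len, TAG_B, &r.b_len, &p);     /* BUG: stale len */
    return r;
}

/* Fixed pattern: once p moves, pass on only the bytes between p and the
 * original end, so the second scan can never leave the buffer. */
struct scan_result scan_two_tags_fixed(const uint8_t *buf, size_t len)
{
    struct scan_result r = {0};
    const uint8_t *p = buf;
    size_t left = len;
    r.a = find_tag(p, left, TAG_A, &r.a_len, &p);
    if (r.a != NULL) {
        left = len - (size_t)(p - buf);                  /* shrink by the advance */
        r.b = find_tag(p, left, TAG_B, &r.b_len, &p);
    }
    return r;
}

/* Constructed input: the first RESPONSE_LEN bytes are the "card response"; the
 * rest stands in for whatever follows the buffer in memory and is not ours to read. */
#define RESPONSE_LEN 6
static const uint8_t backing[] = {
    TAG_A, 0x02, 0xAA, 0xAA,    /* element A, bytes 0..3 */
    0x83,  0x00,                /* unrelated empty element, bytes 4..5 */
    TAG_B, 0x01, 0xBB, 0x00     /* past the response: must never be returned */
};

/* 1 if the vulnerable scan returned a TAG_B value lying beyond the response. */
int vulnerable_reads_past_end(void)
{
    struct scan_result r = scan_two_tags_vulnerable(backing, RESPONSE_LEN);
    return r.b != NULL && r.b >= backing + RESPONSE_LEN;
}

/* 1 if the fixed scan finds A and reports B as absent. */
int fixed_stays_in_bounds(void)
{
    struct scan_result r = scan_two_tags_fixed(backing, RESPONSE_LEN);
    return r.a == backing + 2 && r.a_len == 2 && r.b == NULL;
}

/* 1 if the fixed scan still finds both tags when B really is inside the buffer. */
int fixed_finds_both_when_present(void)
{
    static const uint8_t good[] = { TAG_A, 0x01, 0xAA, TAG_B, 0x02, 0xB1, 0xB2 };
    struct scan_result r = scan_two_tags_fixed(good, sizeof good);
    return r.a == good + 2 && r.a_len == 1 && r.b == good + 5 && r.b_len == 2;
}

int main(void)
{
    printf("vulnerable scan read past end: %d\n", vulnerable_reads_past_end());
    printf("fixed scan stayed in bounds:   %d\n", fixed_stays_in_bounds());
    printf("fixed scan finds both tags:    %d\n", fixed_finds_both_when_present());
    return 0;
}
```

The only difference between the two callers is the `left = len - (p - buf)` line: every byte the first search consumed has to be subtracted from the length handed to the next search, which is the same correction the referenced 1252aca fix applies in libopensc. When reviewing similar code, look for any routine that both returns an advanced pointer and is called again with an unchanged length argument.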