CVE-2021-34193 reference #2841
Comments
|
Is this problem known upstream? And if yes, do we have a commit reference? |
|
Yes, all of these were fixed in 0.22.0 release. Not sure how it surfaced just right now. I am not sure if we requested this CVE or somebody else did (probably as the information about fixed version is wrong in the CVE page). I could not find any reference to this CVE ID though before this week. @frankmorgner do you know? I think the https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28768 is fixed with the following commit: d353a46 |
|
In June 2022 I've requested CVEs via mitre.org, which were not processed until a couple of days ago. After many unsuccessful attempts of contacting them, we had decided to request CVEs via Red Hat for the same vulnerabilities, which resulted in the following:
The referenced commits you found are accurate for fixing the problems. I just realized, that we forgot to mention the Red Hat CVEs in the 0.22.0 release announcement as well as adding them to the NEWS and Security advisories in the wiki 😶🌫️ I'm unsure how to proceed with the now "duplicated" CVE. |
|
With the mitre having the response times of 2 years, I will contact Red Hat Product security to try to handle this somehow. Given that we have these covered, I think there needs to be a way to close it as a duplicate. And they will have much more experience with this than we do. If you can update the release notes with the original CVE numbers, it would be great! |
|
Is the understanding correct that |
|
Yes, indeed. I contacted Mitre for updating the description of CVE-2021-34193. |
* Added missing CVEs to NEWS fixes #2841 * added CVE-2021-34193 as duplicate
|
The public information is updated Mitre has been contacted in a seperate CVE issue (still open/in progress). Red Hat has already added a note about the duplicate. |
MITRE published CVE-2021-34193
NVD Published Date: 08/22/2023
Description
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
Links
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27719
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28768
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28855
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31448
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31540
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32149
References
https://nvd.nist.gov/vuln/detail/CVE-2021-34193
The text was updated successfully, but these errors were encountered: