You are here

CVE-2010-4531

Vincent (CVE) Danen's picture
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.

Details Source

Mitre

Public Date

2010-12-13 00:00:00

Impact

Moderate

Bugzilla

CVE-2010-4531 pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) decoder

Bugzilla ID

664 999

CVSS Status

verified

Base Score

4.60

Base Metrics

AV:L/AC:L/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (pcsc-lite) RHSA-2013:0525 2013-02-20

CWE

CWE-121

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 pcsc-lite Will not fix