CVE-2010-4523

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.

Published: Jan 7, 2011
Updated: Apr 13, 2023
CVE: CVE-2010-4523
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
opensc-project / opensc	0.11.3-pre3	0.11.3-pre3.x
opensc-project / opensc	0.11.8	0.11.8.x
opensc-project / opensc	0.11.3	0.11.3.x
opensc-project / opensc	0.9	0.9.x
opensc-project / opensc	0.8	0.8.x
opensc-project / opensc	0.11.9	0.11.9.x
opensc-project / opensc	0.9.6	0.9.6.x
opensc-project / opensc	0.10.0	0.10.0.x
opensc-project / opensc	0.9.2	0.9.2.x
opensc-project / opensc	0.8.0	0.8.0.x
opensc-project / opensc	0.3.2	0.3.2.x
opensc-project / opensc	0.11.2	0.11.2.x
opensc-project / opensc	0.9.7	0.9.7.x
opensc-project / opensc	0.4.0	0.4.0.x
opensc-project / opensc	0.3.5	0.3.5.x
opensc-project / opensc	0.6.0	0.6.0.x
opensc-project / opensc	0.9.7-b	0.9.7-b.x
opensc-project / opensc	0.11.12	0.11.12.x
opensc-project / opensc	0.9.4	0.9.4.x
opensc-project / opensc	0.11.7	0.11.7.x
opensc-project / opensc	0.7.0	0.7.0.x
opensc-project / opensc	0.11.11	0.11.11.x
opensc-project / opensc	0.10.1	0.10.1.x
opensc-project / opensc	0.6.1	0.6.1.x
opensc-project / opensc	0.11.4	0.11.4.x
opensc-project / opensc	0.5.0	0.5.0.x
opensc-project / opensc	0.9.3	0.9.3.x
opensc-project / opensc	0.11.5	0.11.5.x
opensc-project / opensc	0.9.8	0.9.8.x
opensc-project / opensc	0.9.7-d	0.9.7-d.x
opensc-project / opensc	0.11.1	0.11.1.x
opensc-project / opensc	-	0.11.13.x
opensc-project / opensc	0.8.0.0	0.8.0.0.x
opensc-project / opensc	0.9.5	0.9.5.x
opensc-project / opensc	0.11.6	0.11.6.x
opensc-project / opensc	0.11.10	0.11.10.x
opensc-project / opensc	0.11.0	0.11.0.x
opensc-project / opensc	0.8.1	0.8.1.x

Vulnerability Database

289,599

CVE-2010-4523