| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Use-sysconfdir-opensc-for-opensc.conf.patch | Use $sysconfdir/opensc for opensc.conf | Eric Dorland <eric@debian.org> | no | 2020-01-26 | ||
| 0002-card-Correctly-free-pointers-durint-cache-invalidati.patch | card: Correctly free pointers durint cache invalidation As the whole structure is memset(0) on the following line, we need to clean the pointers before doing so. Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/61eb4e487e00ed6758a62f07222488c5ec5fdb42 | 2020-11-30 |
| 0003-pkcs15-Clean-tokeninfo-on-parse-errors-to-avoid-memo.patch | pkcs15: Clean tokeninfo on parse errors to avoid memory leaks Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/3ffe24cfb63062ad8734e1bd0b6009204a15851b | 2020-11-30 |
| CVE-2021-42782_1.patch | tcos: prevent out of bounds read Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/78cdab949f098ad7e593d853229fccf57d749d0c | 2020-11-30 |
| CVE-2021-42778.patch | idprime: Use temporary variable instead of messing up the passed one Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 | 2020-12-02 |
| 0006-gpk-Replace-assert-with-error.patch | gpk: Replace assert with error Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/196bf9e574fb421b5d0f7f5f064d86631df259ad | 2020-12-07 |
| CVE-2021-42780.patch | tcos: Check bounds in insert_pin() Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e | 2020-12-08 |
| 0008-mcrd-Do-not-leak-memory.patch | mcrd: Do not leak memory Similar as in 62049ea18c622f Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/1ae8b60425ab61f5c6fedf4502275c9047683f69 | 2020-12-08 |
| 0009-pkcs15-Do-not-override-tokeninfo-in-bind_internal.patch | pkcs15: Do not override tokeninfo in bind_internal Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/049b2a87543b48cd119341637c8c0529aa511903 | 2020-12-11 |
| 0010-itacns-Correctly-free-allocated-memory.patch | itacns: Correctly free allocated memory Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/3135fccdca3e45934e99534dc270113451e03f3c | 2020-12-11 |
| CVE-2021-42779.patch | oberthur: Correctly check for return values Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 | 2021-01-07 |
| 0012-iasecc-Avoid-another-memory-leak.patch | iasecc: Avoid another memory leak Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/03cbf91be54e2b54dd87176d1136570610e32f3f | 2021-01-15 |
| 0013-p11test-Explicitly-return-in-case-of-SKIP-macro-is-u.patch | p11test: Explicitly return in case of SKIP macro is used Thanks coverity Fixes CID 365263 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/5f16ffae848e88dc2c93a6a4c1501501dddbbdd8 | 2021-01-15 | |
| 0014-Small-memory-leak-fix.patch | Small memory leak fix | Zhang Xiaohui <ruc_zhangxiaohui@163.com> | no | https://github.com/OpenSC/OpenSC/commit/1c4a01d76639a30c41d877890f299f0299c90932 | 2021-02-08 | |
| 0015-Small-memory-leak-fix.patch | Small memory leak fix | Zhang Xiaohui <ruc_zhangxiaohui@163.com> | no | https://github.com/OpenSC/OpenSC/commit/49788678fe7245f03e8e2dae5fe3df95c578fb7e | 2021-02-08 | |
| 0016-oberthur-Avoid-memory-leaks.patch | oberthur: Avoid memory leaks Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/251c4f6b7613a9cea421035e5971c793fc30f9e2 | 2021-02-03 |
| 0017-apdu-Do-not-insert-delay-while-fuzzing.patch | apdu: Do not insert delay while fuzzing This was timeout after 60 seconds. After skipping this call, we get down to 1 s for the same input Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/7ba89daae6b5ad8a78c4bf7e10796953a9017313 | 2021-02-03 |
| 0018-oberthur-Free-another-read-data-on-failure-paths.patch | oberthur: Free another read data on failure paths | Jakub Jelen <jjelen@redhat.com> | no | debian | https://github.com/OpenSC/OpenSC/commit/9c91a4327e6db579f7f964f147fd6e94a0e1b85e | 2021-02-03 |
| CVE-2021-42781_1.patch | oberthur: Avoid two buffer overflows Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 | 2021-02-03 |
| CVE-2021-42782_2.patch | cardos: Correctly calculate the left bytes to avoid buffer overrun Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f | 2021-02-04 |
| CVE-2021-42782_3.patch | iasecc: Prevent stack buffer overflow when empty ACL is returned Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c | 2021-02-11 |
| 0022-isoApplet-Prevent-reading-uninitialized-values.patch | isoApplet: Prevent reading uninitialized values CID 365823 Thanks coverity |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/1dbe4b5a5b45b044bb9787bcfe4d093b10b455c1 | 2021-02-11 | |
| 0023-sm-cwa14890-Fix-resource-leak.patch | sm-cwa14890: Fix resource leak CID 365822 Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/3b556ef6188bd286f804f65b59e6d3ffc0798e0c | 2021-02-11 | |
| 0024-sm-global-platform-Fix-possible-memory-leak.patch | sm-global-platform: Fix possible memory leak Thanks coverity CID 365821 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/ffed34663da07681f8133a8edc3d879a2e61bf83 | 2021-02-11 | |
| 0025-pkcs15-iasecc-Check-return-value-as-in-other-cases.patch | pkcs15-iasecc: Check return value as in other cases Thanks coverity CID 365820 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/cee431a3ce36f68313740291d7f184c74d84730a | 2021-02-11 | |
| 0026-p11test-Fix-possible-resource-leak.patch | p11test: Fix possible resource leak Thanks coverity CID 365819 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/a567ab9dca5d0d8b1b169f780833607be88d2daf | 2021-02-11 | |
| 0027-pkcs15-iasecc-Avoid-memory-leak.patch | pkcs15-iasecc: Avoid memory leak Thanks coverity CID 365818 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/46cfe89b3c3cf325bcbd4f6a9ef001d5a647144b | 2021-02-11 | |
| 0028-pkcs15-isoApplet-Avoid-uninitialized-reads.patch | pkcs15-isoApplet: Avoid uninitialized reads Thanks coverity CID 365817 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/5f7c91e54f41d5e609b25fe1b0e615c1a17cf318 | 2021-02-11 | |
| 0029-tcos-fixed-memcpy-with-0-or-less-bytes.patch | tcos: fixed memcpy with 0 or less bytes | Frank Morgner <frankmorgner@gmail.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/d353a46d0444bb34ca28a3dcc884afe196f851b6 | 2020-12-08 |
| 0030-avoid-memory-leak-when-creating-pkcs-15-files.patch | avoid memory leak when creating pkcs#15 files | Frank Morgner <frankmorgner@gmail.com> | no | https://github.com/OpenSC/OpenSC/commit/881dca94ef8e66478d3161dffeab3ebbba2f7f7f | 2020-12-08 | |
| 0031-fixed-13755-Resource-leak.patch | fixed 13755 Resource leak ... as reported by coverity scan. p11cards are freed by emptying the virtual slots. virtual slots are creatd with the framework's create_tokens. Hence, we need to free p11card if no tokens were created. |
Frank Morgner <frankmorgner@gmail.com> | no | https://github.com/OpenSC/OpenSC/commit/c2670b0787662b612c10a7c891738fba551d125f | 2020-12-08 | |
| CVE-2021-42781_2.patch | oberthur: Handle more memory issues during initialization Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 | 2021-03-01 |
| CVE-2021-42781_3.patch | oberthur: fixed Heap-buffer-overflow | Frank Morgner <frankmorgner@gmail.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 | 2021-03-17 |
| 0034-oberthur-Fix-memory-leaks.patch | oberthur: Fix memory leaks Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/715c17c469f6c463dd511a5deb229da4de9ee100 | 2021-03-17 |
| CVE-2021-42781_4.patch | oberthur: One more overlooked buffer overflow Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5d4daf6c92e4668f5458f380f3cacea3e879d91a | 2021-03-18 |
| 0036-iasecc-Fix-ACLs-support-when-length-is-6-2264.patch | iasecc: Fix ACLs support when length is 6 (#2264) * IASECC: offset is a size_t Let's use a size_t for the offset in order to have a proper logic along with the related arithmetics. * iasecc: Fix ACLs support when length is 6 ACLs with length < 6 are allowed, depending on the mask of the offset 0. For instance, when the offset 0 is 0x7B, then length can be up to 7 when the offset 0 is 0x7A, the loop was never performing any access to the acls[7] thanks to: if (!(mask & acls[0])) continue; However, the oss-fuzz tools cannot guess such behavior. So let's have a robust boundary check. |
Vincent JARDIN <vjardin+github@free.fr> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/b18234a7d9a2d63df1f1df6fa31a2b81447ede46 | 2021-03-22 |
| CVE-2021-42782_4.patch | coolkey: Initialize potentially uninitialized memory Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 | 2021-03-24 |
| CVE-2021-42781_5.patch | oberthur: Handle 1B OIDs Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 | 2021-04-06 |
| 0039-eidenv-Avoid-memory-leak.patch | eidenv: Avoid memory leak | Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/d34e84c78d28cbc59d9e98082105d667c4ddca00 | 2021-06-18 | |
| CVE-2021-42782_5.patch | PIV Improved parsing of data from the card Based on Fuzz testing, many of the calls to sc_asn1_find_tag were replaced with sc_asn1_read_tag. The input is also tested that the expected tag is the first byte. Additional tests are also add. sc_asn1_find_tag will skip 0X00 or 0Xff if found. NIST sp800-73-x specs do not allow these extra bytes. On branch PIV-improved-parsing Changes to be committed: modified: card-piv.c |
Doug Engert <deengert@gmail.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 | 2021-07-14 |
| CVE-2023-2977.patch | pkcs15init: correct left length calculation to fix buffer overrun bug. | fullwaywang <fullwaywang@tencent.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a | 2023-05-29 |
| CVE-2023-5992/01-e8883b1.patch | Reimplement removing of PKCS#1 v1.5 padding to be time constant | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e8883b1f91572c40bab8718f0ba274ab71906490 | 2023-11-13 |
| CVE-2023-5992/02-bfe0e05.patch | Add unit tests for PKCS#1 v1.5 de-padding | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/bfe0e05f4aa771d6beab4660c06072eb6eedf372 | 2023-11-13 |
| CVE-2023-5992/03-2ee8730.patch | pkcs15-sec: Remove logging after PKCS#1 v1.5 depadding To prevent Marvin attack on RSA PKCS#1 v1.5 padding when logging the return value, signaling the padding error. |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/2ee8730649e9a0f2ab01597cfba4f72571eed601 | 2023-11-16 |
| CVE-2023-5992/04-0494e46.patch | framework-pkcs15.c: Handle PKCS#1 v1.5 depadding constant-time In order to not disclose time side-channel when the depadding fails, do the same operations as for case when depadding ends with success. |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/0494e46a39ed52a5f81216e88a8a994bb6b7b280 | 2023-11-16 |
| CVE-2023-5992/05-5b5fcc9.patch | mechanism: Handle PKCS#1 v1.5 depadding constant-time | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5b5fcc983b37f0d3587f61fd986026647e88c323 | 2024-01-08 |
| CVE-2023-5992/06-e018f19.patch | minidriver: Make CardRSADecrypt constant-time | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e018f1941bb8630b5ef8cc08b80182d801f4114e | 2023-11-22 |
| CVE-2023-5992/07-2d84cec.patch | pkcs11-object: Remove return value logging To prevent Marvin attack on RSA PKCS#1 v1.5 padding when logging the return value, signaling the padding error. |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/2d84cec2fc6f5093387d29b0bbc808b24e043b00 | 2023-11-24 |
| CVE-2023-5992/08-b31f82b.patch | misc: Compare return value constant-time | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/b31f82bcebb2a3b53348a1b16f038fce4d3ed9bb | 2023-11-24 |
| CVE-2023-5992/09-5747804.patch | unittests: Do not use uninitialized memory Thanks Coverity CID 414676, 414677, 414678, 414679, 414680, 414681, 414682, 414683, 414684, 414685, 414686 |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5747804c645c3d57d69a0ec733697d79e5b66f7b | 2024-02-05 |
| CVE-2023-5992/10-c153e2f.patch | Fix constant-time comparison of negative values Thanks Coverity CID 414687 |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/c153e2fe979b05851ab06b45799a9358cdde6fe3 | 2024-02-05 |
| CVE-2023-5992/11-556cbf3.patch | padding: Set correct output length in PKCS#1 v1.5 depadding | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/556cbf3ef71425e69eb3914961332f67335cd9ff | 2024-03-19 |
| CVE-2023-5992/12-21a0a25.patch | minidriver: Remove logging to prevent Marvin attack | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/21a0a25e516cc46724659efb1f08e778d1c225f5 | 2024-03-20 |
| CVE-2023-5992/13-29a98e5.patch | unittests: Test correct output length for PKCS#1 v1.5 depadding | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/29a98e5b2811f3df7cc7982d8b30a86e756c325c | 2024-03-20 |
| CVE-2023-40660.patch | Fixed PIN authentication bypass If two processes are accessing a token, then one process may leave the card usable with an authenticated PIN so that a key may sign/decrypt any data. This is especially the case if the token does not support a way of resetting the authentication status (logout). We have some tracking of the authentication status in software via PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a PIN-prompt will appear even though the card may technically be unlocked as described in the above example. However, before this change, an empty PIN was not verified (likely yielding an error during PIN-verification), but it was just checked whether the PIN is authenticated. This defeats the purpose of the PIN verification, because an empty PIN is not the correct one. Especially during OS Logon, we don't want that kind of shortcut, but we want the user to verify the correct PIN (even though the token was left unattended and authentication at the computer). This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864. |
Frank Morgner <frankmorgner@gmail.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7 | 2023-06-21 |
| CVE-2023-40661/01-245efe6.patch | pkcs15: Avoid buffer overflow when getting last update Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7 | 2023-08-17 |
| CVE-2023-40661/02-440ca66.patch | setcos: Avoid buffer underflow Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651 | 2023-08-17 |
| CVE-2023-40661/03-4013a80.patch | setcos: Avoid writing behind the path buffer end The path->value buffer is fixed to 16 bytes so it is not always possible to append 2 more bytes. Doing so overruns the buffer, writing into the ACL block, crashing during the cleanup. Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/4013a807492568bf9907cfb3df41f130ac83c7b9 | 2023-11-15 |
| CVE-2023-40661/04-41d61da.patch | oberthur: Avoid buffer overflow Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e | 2023-09-20 |
| CVE-2023-40661/05-638a500.patch | pkcs15-pubkey.c: Avoid double-free Thanks OSS-Fuzz |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/638a5007a5d240d6fa901aa822cfeef94fe36e85 | 2023-08-10 |
| CVE-2023-40661/06-c449a18.patch | pkcs15-cflex: check path length to prevent underflow Thanks OSS-Fuzz |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6 | 2023-06-19 |
| CVE-2023-40661/07-5631e98.patch | Check length of string before making copy Thanks OSS-Fuzz |
Veronika Hanulikova <xhanulik@fi.muni.cz> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959 | 2023-03-03 |
| CVE-2023-40661/08-df5a176.patch | Check array bounds Thanks OSS-Fuzz |
Veronika Hanulikova <xhanulik@fi.muni.cz> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1 | 2023-02-10 |
| CVE-2023-40661/09-578aed8.patch | sc_pkcs15init_rmdir: prevent out of bounds write | Frank Morgner <frankmorgner@gmail.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec | 2022-12-08 |
| CVE-2023-40661/10-6091640.patch | epass2003: Avoid heap buffer overflow Removes also needless malloc & memcpy instead of returning the first allocated buffer. Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/609164045facaeae193feb48d9c2fc5cc4321e8a | 2023-11-16 |
| CVE-2023-40661/11-2a4921a.patch | iasecc: Check length of data when parsing crt Thanks OSS-Fuzz |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/2a4921ab23fd0853f327517636c50de947548161 | 2023-08-29 |
| CVE-2023-40661/12-83b9129.patch | iassecc: Verify buffer lengths before use Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/83b9129bd3cfc6ac57d5554e015c3df85f5076dc | 2023-10-11 |
| CVE-2023-40661/13-fbda61d.patch | iasecc: Avoid buffer overflow with invalid data Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/fbda61d0d276dc98b9d1d1e6810bbd21d19e3859 | 2023-10-27 |
| CVE-2023-40661/14-8fc2c20.patch | iasecc: Avoid another buffer overflow thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/8fc2c20c3f895569eeb58328bb882aec07325d3b | 2023-11-07 |
| CVE-2023-40661/15-6085994.patch | card-entersafe.c: Free modulus buffer in case of error Thanks OSS-Fuzz |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/6085994384a7171c5c68f6718d9db10ed77c5af1 | 2023-08-10 |
| CVE-2023-40661/16-50f0985.patch | entersafe: Avoid buffer overflow during keygen Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/50f0985f6343eeac4044661d56807ee9286db42c | 2023-10-08 |
| 0072-authentic-Avoid-memory-leaks.patch | authentic: Avoid memory leaks Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/6d1fcd9cf82c6501089898066656fbe6737f3ced | 2023-11-23 |
| CVE-2024-1454.patch | authentic: Avoid use after free Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9 | 2023-12-18 |
| CVE-2024-8443/01-b28a3ce.patch | openpgp: Do not accept non-matching key responses When generating RSA key pair using PKCS#15 init, the driver could accept responses relevant to ECC keys, which made further processing in the pkcs15-init failing/accessing invalid parts of structures. Thanks oss-fuzz! |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc | 2024-08-12 |
| CVE-2024-8443/02-02e8474.patch | openpgp: Avoid buffer overflow when writing fingerprint Fix also surrounding code to return error (not just log it) when some step fails. Thanks oss-fuzz |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e | 2024-08-15 |
| CVE-2024-45616/01-76115e3.patch | gids: Avoid using uninitialized memory Thanks Matteo Marini for report |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/76115e34799906a64202df952a8a9915d30bc89d | 2024-05-20 |
| CVE-2024-45615/01-bde991b.patch | pkcs15init: Avoid using uninitialized memory Thanks Matteo Marini for report |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03 | 2024-05-20 |
| CVE-2024-45616/02-e7177c7.patch | cac: Correctly calculate certificate length based on the resplen Thanks Matteo Marini for report |
Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967 | 2024-05-20 |
| CVE-2024-45615/02-5e4f26b.patch | cac: Fix uninitialized values Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1 | 2024-07-11 |
| CVE-2024-45616/03-1d3b410.patch | cardos: Fix uninitialized values Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1 | 2024-07-11 |
| CVE-2024-45616/04-cccdfc4.patch | card-dnie: Check APDU response length and ASN1 lengths Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/cccdfc46b10184d1eea62d07fe2b06240b7fafbc | 2024-07-12 |
| CVE-2024-45616/05-5fa7587.patch | muscle: Report invalid SW when reading object Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5fa758767e517779fc5398b6b4faedc4e36d3de5 | 2024-07-12 |
| CVE-2024-45616/06-3562969.patch | card-mcrd: Check length of response buffer in select Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/3562969c90a71b0bcce979f0e6d627546073a7fc | 2024-07-12 |
| CVE-2024-45615/03-bb3dedb.patch | pkcs15-cert.c: Initialize OID length In case it is not set later. Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7 | 2024-07-12 |
| CVE-2024-45616/07-16ada9d.patch | card-gids: Use actual length of reponse buffer Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/16ada9dc7cddf1cb99516aea67b6752c251c94a2 | 2024-07-12 |
| CVE-2024-45617/01-fdb9e90.patch | cac: Check return value when selecting AID Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc | 2024-07-16 |
| CVE-2024-45619/01-f01bfbd.patch | pkcs15-tcos: Check number of read bytes for cert Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/f01bfbd19b9c8243a40f7f17d554fe0eb9e89d0d | 2024-07-16 |
| CVE-2024-45617/02-21d869b.patch | cardos: Return error when response length is 0 Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/21d869b77792b6f189eebf373e399747177d99e2 | 2024-07-16 |
| CVE-2024-45615/04-7d68a7f.patch | card-piv: Initialize variables for tag and CLA In case they are not later initialize later by sc_asn1_read_tag() function. Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6 | 2024-07-16 |
| CVE-2024-45615/05-42d718d.patch | pkcs15-sc-hsm: Initialize variables for tag and CLA In case they are not later initialize later by sc_asn1_read_tag() function. Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b | 2024-07-16 |
| CVE-2024-45619/02-6730656.patch | pkcs15-gemsafeV1: Check length of buffer for object Number of actually read bytes may differ from the stated object length. Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/673065630bf4aaf03c370fc791ef6a6239431214 | 2024-07-17 |
| CVE-2024-45617/03-efbc14f.patch | card-jpki: Check number of read bytes Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/efbc14ffa190e3e0ceecceb479024bb778b0ab68 | 2024-07-17 |
| CVE-2024-45618/01-8632ec1.patch | pkcs15-tcos: Check return value of serial num conversion Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d | 2024-07-17 |
| CVE-2024-45619/03-a1d8c01.patch | pkcs15-tcos: Check certificate length before accessing Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/a1d8c01c1cabd115dda8c298941d1786fb4c5c2f | 2024-07-17 |
| CVE-2024-45618/02-f9d6866.patch | pkcs15-lib: Report transport key error Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3 | 2024-07-17 |
| CVE-2024-45620/01-a1bcc65.patch | pkcs15-starcos: Check length of file to be non-zero Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/a1bcc6516f43d570899820d259b71c53f8049168 | 2024-07-18 |
| CVE-2024-45620/02-6baa195.patch | iasecc-sdo: Check length of data before dereferencing Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/6baa19596598169d652659863470a60c5ed79ecd | 2024-07-18 |
| CVE-2024-45616/08-ef7b10a.patch | card-oberthur: Check length of serial number Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60 | 2024-07-18 |
| CVE-2024-45619/04-e20ca25.patch | pkcs15-setcos: Check length of generated key Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e20ca25204c9c5e36f53ae92ddf017cd17d07e31 | 2024-07-18 |
| CVE-2024-45620/03-468a314.patch | iasecc-sdo: Check length of data when parsing Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/468a314d76b26f724a551f2eb339dd17c856cf18 | 2024-07-18 |
| CVE-2024-45619/05-2b6cd52.patch | pkcs15-sc-hsm: Properly check length of file list Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/2b6cd52775b5448f6a993922a30c7a38d9626134 | 2024-07-18 |
| CVE-2024-45619/06-dd554a2.patch | card-coolkey: Check length of buffer before conversion Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/dd554a2e1e31e6cb75c627c653652696d61e8de8 | 2024-07-18 |
| CVE-2024-45616/09-aa102cd.patch | card-entersafe: Check length of serial number Thanks Matteo Marini for report |
Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc | 2024-07-23 |
| CVE-2024-45616/10-265b283.patch | card-cardos: Check length of APDU response | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/265b28344d036a462f38002d957a0636fda57614 | 2024-08-01 |