CVE-2021-42780
CVE-2021-42780
In short
OpenSC versions before 0.22.0 have a memory issue in the insert_pin function where the code tries to use data after it has been freed, potentially crashing applications that use the library.
Technical detail
A use-after-return vulnerability exists in OpenSC's insert_pin function prior to version 0.22.0, where freed memory is accessed, leading to undefined behavior and potential denial of service against applications leveraging the affected library.
Summary generated and translated by AI from the official description.
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
Affected products
n/a · openscWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383https://bugzilla.redhat.com/show_bug.cgi?id=2016139https://github.com/OpenSC/OpenSC/commit/5df913b7https://lists.debian.org/debian-lts-announce/2023/06/msg00025.htmlhttps://lists.debian.org/debian-lts-announce/2024/12/msg00026.htmlhttps://security.gentoo.org/glsa/202209-03