SB2016123105 - Use-after-free in pcsc-lite (Alpine package)
Published: December 31, 2016
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2016-10109)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. A remote attacker can cause a denial of service (crash).
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
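The defensive pattern for this class of bug, as an added example that is not pcsc-lite's code or the Alpine patch: a simplified C model of one client session in which the release path frees "cardsList" and invalidates the handle, and the command dispatcher rejects any later command on the released handle instead of touching the freed list. Every name other than cardsList is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of one client session in a smart-card daemon.
   Only cardsList is a name from the bulletin; the rest is hypothetical. */
enum { CMD_ESTABLISH, CMD_CONNECT, CMD_RELEASE };
enum { RV_OK, RV_INVALID_HANDLE, RV_NO_MEMORY, RV_LIST_FULL };

typedef struct {
    unsigned long hContext; /* 0 means "no live context" */
    int *cardsList;         /* per-context list of card handles */
    size_t nCards, cap;
} session_t;

static int establish(session_t *s) {
    if (s->hContext != 0) return RV_OK;          /* already established */
    s->cardsList = calloc(4, sizeof *s->cardsList);
    if (s->cardsList == NULL) return RV_NO_MEMORY;
    s->cap = 4; s->nCards = 0; s->hContext = 1;
    return RV_OK;
}

/* Stands in for the release path: free the list AND invalidate the handle. */
static int release_context(session_t *s) {
    if (s->hContext == 0) return RV_INVALID_HANDLE; /* blocks a double free */
    free(s->cardsList);
    s->cardsList = NULL;  /* no dangling pointer left behind */
    s->nCards = s->cap = 0;
    s->hContext = 0;      /* later commands see a dead handle */
    return RV_OK;
}

/* Every command that touches cardsList validates the handle first. */
int handle_command(session_t *s, int cmd, int card) {
    switch (cmd) {
    case CMD_ESTABLISH: return establish(s);
    case CMD_RELEASE:   return release_context(s);
    case CMD_CONNECT:
        if (s->hContext == 0 || s->cardsList == NULL) return RV_INVALID_HANDLE;
        if (s->nCards == s->cap) return RV_LIST_FULL;
        s->cardsList[s->nCards++] = card;
        return RV_OK;
    }
    return RV_INVALID_HANDLE;
}

int main(void) {
    session_t s = {0};
    handle_command(&s, CMD_ESTABLISH, 0);
    handle_command(&s, CMD_RELEASE, 0);
    printf("connect after release -> %d\n", handle_command(&s, CMD_CONNECT, 8));
}
```

Building the model with AddressSanitizer (-fsanitize=address) and removing the handle check in CMD_CONNECT is a quick way to confirm that the check is what keeps the freed list from being reached.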
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=021b293da86581334bb98c063495f30aabcd7284
- https://git.alpinelinux.org/aports/commit/?id=0e08b80a058f5402b1bd594be1be52762049b882
- https://git.alpinelinux.org/aports/commit/?id=5076b2f6f50e76b903b75c82a840d4a05d30c98d
- https://git.alpinelinux.org/aports/commit/?id=53e7378a3a9f45c0105f48b7f01f62f6128f0eeb