oss-sec mailing list archives

Re: CVE Request: pcsc-lite use-after-free and double-free


From: <cve-assign () mitre org>
Date: Tue, 3 Jan 2017 10:39:40 -0500


The SCardReleaseContext function normally releases resources associated with the
given handle (including "cardsList") and clients should cease using this handle.
A malicious client can however make the daemon invoke SCardReleaseContext and
continue issuing other commands that use "cardsList", resulting in a
use-after-free.  When SCardReleaseContext is invoked multiple times, it
additionally results in a double-free of "cardsList".

http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22

2016-12-30
To avoid this problem, destroy the list only when the client connection is terminated.

Use CVE-2016-10109.

(The double-free is not sufficiently independent of the use-after-free to
require two CVE IDs.)

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
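As an added illustration (not pcsc-lite's code and not part of the message above), the following C model reproduces the two lifetime problems the text describes and the lifetime the fix adopts. A client context holds a "cardsList"; in the pre-fix design a release call destroys the list while the handle stays usable, so a further command is a use-after-free and a second release is a double-free. In the post-fix design, release only invalidates the handle and the list is destroyed once, when the connection terminates. The list uses a simulated free (a flag) so the misuse is reported as an error code rather than executed as undefined behaviour; every name here (client_ctx, release_vuln, release_fixed, connection_closed, the error codes) is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Instrumented stand-in for "cardsList": freeing only sets a flag, so a
   double-free or use-after-free is reported as an error code instead of
   corrupting the heap. (A real build would rely on ASan or valgrind.) */
struct cards_list {
    int freed;      /* 1 once logically freed; storage stays valid */
    int n_cards;
};

/* Hypothetical per-client state standing in for the daemon's context. */
struct client_ctx {
    struct cards_list *cards;   /* the "cardsList" from the advisory */
    int released;               /* set by the release call */
};

enum { OK = 0, ERR_INVALID_HANDLE = 1, ERR_DOUBLE_FREE = 2, ERR_USE_AFTER_FREE = 3 };

static struct cards_list *list_new(void) {
    struct cards_list *l = calloc(1, sizeof *l);
    if (!l) abort();
    return l;
}

static int list_destroy(struct cards_list *l) {
    if (l->freed) return ERR_DOUBLE_FREE;
    l->freed = 1;
    return OK;
}

static int list_add_card(struct cards_list *l) {
    if (l->freed) return ERR_USE_AFTER_FREE;
    l->n_cards++;
    return OK;
}

/* Pre-fix lifetime: release destroys the list, but the connection (and so
   the handle) stays usable afterwards. */
static int release_vuln(struct client_ctx *c) {
    c->released = 1;
    return list_destroy(c->cards);
}
static int command_vuln(struct client_ctx *c) {
    return list_add_card(c->cards);
}

/* Post-fix lifetime, following the commit message: release only invalidates
   the handle; the list is destroyed when the connection terminates. */
static int release_fixed(struct client_ctx *c) {
    if (c->released) return ERR_INVALID_HANDLE;
    c->released = 1;
    return OK;
}
static int command_fixed(struct client_ctx *c) {
    if (c->released) return ERR_INVALID_HANDLE;
    return list_add_card(c->cards);
}
static int connection_closed(struct client_ctx *c) {
    int rc = list_destroy(c->cards);   /* exactly one logical free */
    free(c->cards);
    c->cards = NULL;
    return rc;
}

/* Scenario 1: release, then keep issuing a command that touches the list. */
static int command_after_release(int fixed) {
    struct client_ctx c = { list_new(), 0 };
    int rc;
    if (fixed) { release_fixed(&c); rc = command_fixed(&c); }
    else       { release_vuln(&c);  rc = command_vuln(&c);  }
    free(c.cards);
    return rc;
}

/* Scenario 2: release the same handle twice. */
static int release_twice(int fixed) {
    struct client_ctx c = { list_new(), 0 };
    int rc;
    if (fixed) { release_fixed(&c); rc = release_fixed(&c); }
    else       { release_vuln(&c);  rc = release_vuln(&c);  }
    free(c.cards);
    return rc;
}

/* Scenario 3: a well-behaved session under the fixed design. */
static int normal_session_fixed(void) {
    struct client_ctx c = { list_new(), 0 };
    if (command_fixed(&c) != OK) return -1;
    if (release_fixed(&c) != OK) return -1;
    return connection_closed(&c);   /* list freed once, here */
}

int main(void) {
    printf("vuln:  command after release -> %d, double release -> %d\n",
           command_after_release(0), release_twice(0));
    printf("fixed: command after release -> %d, double release -> %d, session -> %d\n",
           command_after_release(1), release_twice(1), normal_session_fixed());
    return 0;
}
```

The model shows why the commit message's rule (destroy the list only when the connection ends) is the right boundary: the list's lifetime is tied to the connection, which is the only event the client cannot trigger repeatedly while still holding a usable handle.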

