oss-sec mailing list archives
Re: CVE Request: pcsc-lite use-after-free and double-free
From: <cve-assign () mitre org>
Date: Tue, 3 Jan 2017 10:39:40 -0500
The SCardReleaseContext function normally releases resources associated with the given handle (including "cardsList") and clients should cease using this handle. A malicious client can however make the daemon invoke SCardReleaseContext and continue issuing other commands that use "cardsList", resulting in a use-after-free. When SCardReleaseContext is invoked multiple times, it additionally results in a double-free of "cardsList".
http://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
2016-12-30 To avoid this problem, destroy the list only when the client connection is terminated.
Use CVE-2016-10109. (The double-free is not sufficiently independent of the use-after-free to require two CVE IDs.)
--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
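The lifetime rule described in the message above ("destroy the list only when the client connection is terminated"), sketched as an added example that is not part of the original post and is not pcsc-lite's code. The struct, the function names and the `context_open` state check are hypothetical; `cards_list` stands in for "cardsList".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#define MAX_CARDS 4

/* Hypothetical per-connection state; cards_list stands in for "cardsList". */
struct client_ctx {
    int   *cards_list;
    size_t n_cards;
    bool   context_open;   /* logical state, toggled by client requests */
};

/* Connection accepted: the list is allocated once per connection. */
int conn_open(struct client_ctx *c)
{
    c->cards_list = calloc(MAX_CARDS, sizeof *c->cards_list);
    c->n_cards = 0;
    c->context_open = (c->cards_list != NULL);
    return c->context_open ? 0 : -1;
}

/* Release request. The flawed pattern would free(c->cards_list) here, so a
 * second release frees twice and any later request reads freed memory.
 * Hardened: only the logical state changes; the allocation stays alive. */
int handle_release(struct client_ctx *c)
{
    if (!c->context_open)
        return -1;          /* repeated release: rejected, nothing freed */
    c->context_open = false;
    return 0;
}

/* A request that touches the list. Even without the state check the pointer
 * is still valid, because only conn_close() frees it. */
int handle_add_card(struct client_ctx *c, int card)
{
    if (!c->context_open || c->n_cards == MAX_CARDS)
        return -1;
    c->cards_list[c->n_cards++] = card;
    return 0;
}

/* Connection terminated: the single place where the list is destroyed. */
void conn_close(struct client_ctx *c)
{
    free(c->cards_list);
    c->cards_list = NULL;   /* a stray second close becomes free(NULL) */
    c->n_cards = 0;
    c->context_open = false;
}
```

Building a harness around these handlers with `-fsanitize=address` is a quick regression check that a release, release, command sequence no longer touches freed memory.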
Current thread:
- CVE Request: pcsc-lite use-after-free and double-free Peter Wu (Jan 03)
- Re: CVE Request: pcsc-lite use-after-free and double-free cve-assign (Jan 03)