WRITEUP

WRITEUP

Exploit for CVE-2019-19480 - OpenSC <0.20.0-rc3 - Memory Corruption

AI Analysis

This patch addresses a memory leak vulnerability in OpenSC's pkcs15-prkey.c, where improper cleanup of allocated memory during ASN.1 decoding could lead to information disclosure. The fix simplifies the cleanup process by directly freeing the subject value instead of checking multiple flags.

Attack Type

info_leak

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1592 - Gather Victim Host Information

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7

Authors

Jakub Jelen

Vulnerability

CVE-2019-19480

OpenSC <0.20.0-rc3 - Memory Corruption

MEDIUM

CVSS 4.6